The Sedona Conference Journal

Volume 18 2017

Diagnosing and Treating Legal Ailments of the Electronic Health Record: Toward an Efficient and Trustworthy Process for Information Discovery and Release

Hon. Ralph Artigliere, Chad P. Brouillard, Dr. Reed D. Gelzer, Kimberly Reich & Steven Teppler

Recommended Citation:

Hon. Ralph Artigliere et al., Diagnosing and Treating Legal Ailments of the Electronic Health Record: Toward an Efficient and Trustworthy Process for Information Discovery and Release, 18 Sedona Conf. J. 209 (2017).

For this and additional publications see: https://thesedonaconference.org/publications

The Sedona Conference Journal® (ISSN 1530-4981) is published on an annual or semi-annual basis, containing selections from the preceding year’s conferences and Working Group efforts. The Journal is available on a complimentary basis to courthouses and public law libraries and by annual subscription to others ($95; $45 for conference participants and Working Group members). Send us an email ([email protected]) or call (1-602-258-4910) to order or for further information. Check our website for further information about our conferences, Working Groups, and publications: www.thesedonaconference.org. Comments (strongly encouraged) and requests to reproduce all or portions of this issue should be directed to: The Sedona Conference, 301 East Bethany Home Road, Suite C-297, Phoenix, AZ 85012 or [email protected] or call 1-602-258-4910. The Sedona Conference Journal® designed by MargoBDesignLLC at www.margobdesign.com or [email protected]. Cite items in this volume to “18 Sedona Conf. J. _____ (2017).” Copyright 2017, The Sedona Conference. All Rights Reserved. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

DIAGNOSING AND TREATING LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD: TOWARD AN EFFICIENT AND TRUSTWORTHY PROCESS FOR INFORMATION DISCOVERY AND RELEASE

Chad P. Brouillard Hon. Ralph Artigliere Foster & Eldridge, LLP Placida, FL Cambridge, MA

Dr. Reed D. Gelzer Kimberly Reich Provider Resources, Inc. Lake Forest, IL Newbury, NH

Steven Teppler Abbott Law Group Jacksonville, FL

ABSTRACT Electronic health records (EHRs) promise streamlined com- munications, lower costs, and improved patient care in one of the most complex industries in our economy. Currently they’re falling short. This is mainly because of poor standardization of format, low clinical and business reliability, and non-interoper- ability. This paper contends that improvements will result from rigorous application of the laws of evidence and civil discovery. Key principles from these laws include authenticity, relevance, and cooperation. The results will serve assertion and defense of legal rights and benefit health care as a whole. This article, writ- ten by a diverse legal and medical team, assesses the current state of EHRs; analyzes relevant statutes, regulations, and court rules; and proposes a practical and cost-effective path forward.

ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

210 THE SEDONA CONFERENCE JOURNAL [Vol. 18

ABOUT THE AUTHORS Ralph Artigliere is a retired medical malpractice trial lawyer and former Florida circuit judge. He currently writes about legal issues and teaches civil procedure, case management, and elec- tronic discovery to lawyers and judges around the country. Chad P. Brouillard is a trial lawyer who practices medical liability defense and healthcare law. He is a writer and interna- tional speaker on liability issues pertaining to EHRs, healthcare electronic discovery, and Mobile Health (MHealth). Reed D. Gelzer, MD, MPH, is a former primary-care physi- cian. He advises Provider Resources, Inc.—an accredited, woman-owned small business advancing quality assurance and program integrity—on data quality, authenticity, and compli- ance as an HIT (Healthcare Information Technology) Policy and EHR (Electronic Health Record) Specialist. Dr. Gelzer is a co- facilitator of the HL7 EHR Systems Records Management and Evidentiary Support Profile Workgroup. Kimberly Reich, MBA, MJ, PBCI, CEDS, CPHQ, FAHIMA, is a credentialed healthcare information professional who special- izes in electronic discovery, privacy, and compliance. She serves as an expert witness in healthcare-related litigation and is the lead author of the 2012 AHIMA publication “E-Discovery and Electronic Records,” a first-of-its-kind healthcare electronic dis- covery resource. Steven Teppler is a partner at the Abbott Law Group and leads the firm’s technology-based complex litigation and elec- tronic discovery practice.

ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 211

SPECIAL ACKNOWLEDGMENTS The authors thank Tim McKay, senior director for IT product management at Kaiser Permanente, for his comments and ad- vice on the technical diagrams and their presentation in this ar- ticle. Special thanks also go to Gina Trimarco, a senior attorney with DLA Piper and member of The Sedona Conference Work- ing Group on Electronic Document Retention & Production (WG1) Steering Committee, who has graciously reviewed a prior draft of this article and provided extensive assistance with its structure, organization, and overall readability. Finally, the authors thank the numerous individuals and organizations that submitted comments and edits to the Draft for Comment ver- sion of this article and helped advance its objectives; and to Thomas A. “Tony” Foley, Will Hoffman, Susan McClain, and Ken Withers for their assistance in preparing this article for pub- lication. Please note that the opinions expressed herein are those of the authors only, who take full responsibility for any factual errors. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

212 THE SEDONA CONFERENCE JOURNAL [Vol. 18

PREFACE Discovery of digital records has become complex and costly. Many industries are developing solutions. U.S. healthcare, the country’s largest industry, is an exception. This article seeks to help correct this, recognizing two considerations. These are, first, that the U.S. health care and its information technology in- dustry present uniquely resistant challenges requiring a system- atic approach, and, second, that a proper emphasis on discovery will have major direct and indirect benefits. The focus is on the narrative record of patient care, clinical decision support func- tions, and the production of relevant, accurate outputs. The in- tended audiences are the legal, clinical, and healthcare policy communities whose interests include legal relevance, reliability, and accuracy. The intent is to provide those audiences with im- proved understanding of the current state of electronic health records (EHRs)1 and the systems that generate them2 in practical terms using familiar discovery concepts.

1. The authors define an Electronic Health Record (EHR) as a data set purporting to document observations, measurements, acts, and events in the course of evaluating, advising, or treating a patient. The EHR system, and its component sub-systems, comprise procedures, devices, and applications to record and extract information to support clinical business operations and legal processes. These systems require reliable, efficient, and economic rec- ord production that complies with legal expectations of accuracy and au- thenticity. 2. See generally, e.g., Bonnie Kaplan & Kimberly D. Harris-Salamone, Health IT Success and Failure: Recommendations from Literature and an AMIA Workshop, 16 J. AM. MED. INFO. ASSOC. 291 (2009), https://www. ncbi.nlm.nih.gov/pmc/articles/PMC2732244; Thomson Kuhn et al., Clinical Documentation in the 21st Century: Executive Summary of a Policy Position Paper From the American College of Physicians, 162 ANNALS INTERNAL MED. 301 (2015), http://annals.org/aim/article/2089368/clinical-documentation-21st- century-executive-summary-policy-position-paper-from; ECRI INSTITUTE, TOP 10 PATIENT SAFETY CONCERNS FOR HEALTHCARE ORGANIZATIONS, 7, https://www.ecri.org/EmailResources/PSRQ/Top10/Top10PSRQ.pdf (listing ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 213

For legal and clinical users, advanced understanding will provide means to more effectively and reasonably request and receive access to the appropriate scope of patient data. For those in policy, advanced understanding will support more effective oversight. All will benefit from understanding common means to improve systems with unusual vulnerabilities to errors or misuse. One special source of difficulty, an undue reliance in the healthcare community on self-defining their “legal health rec- ord,” is also addressed. Others that may benefit include those concerned with security, privacy, cost, and burden as well as national initiatives for healthcare finance reform, population surveillance, and other uses of EHR data. The recommendations require actors who are motivated to cooperate within a trusted framework; and, in that context, the Sedona Conference is uniquely qualified to provide such a set- ting.

in the top 10—and expanding upon—Data Integrity Failures with Health In- formation Technology Systems). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

214 THE SEDONA CONFERENCE JOURNAL [Vol. 18

TABLE OF CONTENTS

ABSTRACT ...... 209 ABOUT THE AUTHORS ...... 210 SPECIAL ACKNOWLEDGMENTS ...... 211 PREFACE ...... 212 I. INTRODUCTION ...... 216 A. The Promise and Challenge of Electronic Health Records ...... 216 B. Article Scope: Accuracy, Uniformity, and Efficiency ...... 218 II. EHRS IN CONTEXT ...... 221 A. EHRs in the United States ...... 221 B. “EMR” vs. “EHR” ...... 224 C. How EHR Systems Work ...... 225 D. “Authenticity” in EHRs ...... 233 E. ROI Authenticity ...... 237 F. EHR System Characteristics Impeding Data Quality and Records Consistency ...... 238 III. EHRS IN DISCOVERY ...... 242 A. Discovery of Electronically Stored Information (ESI) in General ...... 242 B. EHR Discovery Challenges and the Necessity of Expertise ...... 245 C. EHR Discovery Processes...... 249 D. Relevance and Proportionality in EHR Discovery ...... 252 E. The Proportionality Analysis in the Healthcare Context ...... 255 ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 215

IV. APPLYING DISCOVERY PRINCIPLES AND RULES TO EHRS ...... 257 A. Key Problems with Producing EHR Data...... 257 B. Production Form ...... 263 C. Access Modalities ...... 267 D. Audit Trails ...... 268 V. A HIERARCHICAL APPROACH ...... 272 A. Hierarchy Rationale ...... 273 B. Trustworthiness Levels ...... 276 C. Translating the Hierarchical Model into a Discovery Framework ...... 280 D. A Four-Step Approach to EHR Discovery ...... 284 VI. THE CONVENTIONAL RESPONSES: THE “LEGAL HEALTH RECORD” AND “RELEASE OF INFORMATION” ...... 289 A. Rethinking Established Procedures ...... 289 B. Moving from Paper to Digital Systems: Retiring the “Legal Health Record” Term from Digital Designations ...... 292 C. The ROI and eDiscovery Convergence ...... 297 D. Future Health-Information-Governance Programs ...... 299 VII. SHORT-TERM TREATMENT SOLUTIONS ...... 303 VIII. CONCLUSION ...... 305

ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

216 THE SEDONA CONFERENCE JOURNAL [Vol. 18

I. INTRODUCTION

A. The Promise and Challenge of Electronic Health Records Electronic health records (EHRs)3 promise a future in which digital health information overcomes the limits of paper medi- cal records.4 Ideally, EHRs will be accessible to all authorized individuals and stakeholders involved in patient care. These stakeholders include patients as well as clinicians, lawyers, and businesspeople. Systems-controlled access protections will pro- vide security controls for authorized users and viewers and pro- tect patient privacy. EHRs have not yet reached these goals. They fall short for those who depend5 on secure, timely, com- plete, accurate, and authentic information regarding patient health.6

3. See infra, Sects. II.A. & II.B., for the use of “EHR” as a primary term as well as the distinction between EHR vs. EMR (electronic medical record). 4. Peter Garrett & Joshua Seidman, EMR vs EHR—What Is the Difference?, HEALTH IT BUZZ (Jan. 4, 2011, 12:07 PM), http://www.healthit.gov/buzz- blog/electronic-health-and-medical-records/emr-vs-ehr-difference (“EHRs focus on the total health of the patient—going beyond customary clinical data collected in the provider’s office and inclusive of a broader view on a patient’s care.”). 5. People with authorized access to certain information in EHRs include healthcare providers as well as persons in the government, insurance, legal, and other fields. 6. Sue Bowman, Impact of Electronic Health Record Systems on Information Integrity: Quality and Safety Implications, PERSP. HEALTH INFO. MGMT. 1 (2013), http://perspectives.ahima.org/impact-of-electronic-health-record-systems- on-information-integrity-quality-and-safety-implications. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 217

Government mandates7 direct clinicians and hospitals to use EHR systems that lack basic clinical and business records-man- agement tools.8 These mandates do not require compliance with records-management Standards.9 Since buyers were required to purchase and use EHR systems, few tested them for records- management fitness—particularly for discovery and Release of Information (ROI) process support. Two other major U.S. healthcare enterprises, the Veteran’s Administration Health System10 and the Department of Defense’s Military Health Sys- tem,11 have undertaken new EHR systems, also in advance of uniformity in discovery and ROI. Still, all need and expect accu- rate information. In time these systems will support records- management requirements. Until that occurs lawful requests for

7. See, e.g., Are There Penalties for Providers Who Don’t Switch to Electronic Health Records (EHR)?, HEALTHIT.GOV (Jan. 15, 2013), https://www.healthit. gov/providers-professionals/faqs/are-there-penalties-providers-who-don% E2%80%99t-switch-electronic-health-record (last visited June 20, 2017). 8. The authors hope to mitigate confusion that often arises from the col- loquial term “standard” vs. the term of art “Standard,” the latter which refers to one or more of the reference documents applicable to EHR systems pub- lished by formally credentialed Standards Development Organizations such as Health Level 7, ISO, ASTM, IEEE, and ARMA. To further facilitate clarity, the authors use “requirements” instead of the colloquial “standard” throughout this article. 9. Examples include the ASTM E2017-99(2010) Standard Guide for Amendments to Health Information, ANSI/HL7 EHR RMESFP R1-2010 (HL7 EHR-System Records Management and Evidentiary Support (RM-ES) Func- tional Profile, Release 1), and applicable profiles derived from HL7 EHR- System Functional Model, Release 2. 10. Greg Slabodkin, VA picks Cerner to replace legacy EHR system, HEALTH DATA MANAGEMENT (Jun. 5, 2017, 2:49 PM), https://www.healthdata- management.com/news/va-picks-cerner-to-replace-legacy-ehr-system. 11. Tom Sullivan, DoD awards Cerner, Leidos, Accenture EHR contract, HEALTHCARE IT NEWS (July 29, 2015, 5:01 PM), http://www.healthcareit- news.com/news/dod-names-ehr-contract-winner. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

218 THE SEDONA CONFERENCE JOURNAL [Vol. 18 electronically stored information (ESI) can speed progress and competition by pushing for improvements and for market trans- parency. Absent a regulatory solution, applying sound legal princi- ples of discovery and evidence to EHRs will normalize system requirements in the United States and other countries. Rigorous requirements for records creation, preservation, and produc- tion—which most EHR systems currently lack—will become normal product features. In the interim, it is vital to address EHRs’ shortfalls.

B. Article Scope: Accuracy, Uniformity, and Efficiency This article addresses known problems in a practical way. It offers recommendations for meeting basic needs for better ac- cess, uniformity, and effectiveness in the legal process. This ap- proach stresses efficient and reliable utility for producing au- thentic, accurate outputs suitable for discovery. The intended audience is those engaged in EHR production and in ROI use. The intent is to offer an approach and spur its use, discussion, and improvement. This article addresses EHR systems as “digital records sys- tems,” which are unregulated and vary widely.12 Their discov- ery capabilities range from providing little or no support to meeting or exceeding discovery-supportive Standards.13 EHR systems are used to do the following:

12. See, e.g., Richard Wasserman et al., Comparative Effectiveness Research in EHRs Tower of Babel, AM. ACAD. PEDIATRICS (April 2012), https://www.aap. org/en-us/professional-resources/Research/research-findings/Pages/Com- parative-Effectiveness-Research-in-the-EHR-Tower-of-Babel-Creation-of-a- Multi-Vendor-EHR-Practice-Based-Research-Network.aspx. 13. Id. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 219

1. Gather information from people reporting acts and observations of events in health-care services 2. Gather information from variably regulated or Standards-compliant devices intended to repre- sent acts and observations of events in health-care services 3. Organize already-gathered information into rep- resentations of acts and observations deemed suit- able for use in the operations of the healthcare en- terprise, including the following: a. Clinical care • Information about the patient • Information about services the patient has received • Information about clinical-care providers’ decision-making b. Organization operations • Managing clinical services • Reporting about clinical services • Reporting about the attributes of the digi- tal-records systems (configurations, fea- tures, and functions that support the accu- racy of data and authenticity of records) Information systems that are validated by Standards and by regulatory processes, normalized as trusted data sources—such as most laboratory, imaging, and waveform devices—are be- yond the scope of this article. Many readers may assume that EHR systems produce trust- worthy records. However, digital health-care records systems have configuration settings that can be problematic, or that can be changed at will, including settings that affect record integ- rity. Their outputs are constructs whose conformity to accuracy ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

220 THE SEDONA CONFERENCE JOURNAL [Vol. 18 and veracity depends on the system’s design, configuration, im- plementation, and use. For users, these constructs also include access security that controls who can create, view, or alter rec- ords and even change how the system works. The 2017 False Claims Act settlement with the EHR system vendor eClinical- Works illustrates a number of hazards. The vendor set up its system so it would pass inspection, falsifying its qualification for a federal subsidy program.14 Two former high-level federal officials have said they know of more offenders.15 Regulated devices limit patient harms and liability by com- plying with accepted reference Standards and regulations. They also undergo rigorous validation by independent entities that ensure buyers actually get what is tested. This is not the case for the current EHR system marketplace. EHR improvements will benefit many, including patients, healthcare providers, health- information professionals, and anyone who needs access to ac- curate patient medical and health information.

14. E.g., Evan Sweeney, eClinicalWorks Settlement Hints at Broader Certifica- tion Infractions Throughout the EHR Industry, FIERCEHEALTHCARE (June 2, 2017, 9:19 AM), http://www.fiercehealthcare.com/ehr/eclinicalworks-settle- ment-false-claims-act-ehr-certification-onc. 15. Id. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 221

II. EHRS IN CONTEXT

A. EHRs in the United States In recent years, federal initiatives and mandates have di- rected most hospitals and providers to use EHRs. These direc- tives have emphasized speeding EHR systems into widespread use. The stated objective has been improving information ex- change.16 The Health Information Technology for Economic and Clinical Health Act (HITECH Act)17 provided the framework for incentives, punishments, and exemptions. The first years of the program provided for rewards. Firms that delay implementa- tion face penalties in the form of reduced Medicare payments.18 Before HITECH, the federal government tried other ways to hasten EHR adoption. It initially tried creating common func- tional requirements as a Health Level 7 (HL7) Standard.19 Next,

16. Most public and private healthcare providers and other eligible pro- fessionals must have adopted and demonstrated “meaningful use” of elec- tronic medical records to maintain their existing Medicaid and Medicare re- imbursement levels by January 1, 2014. American Recovery and Reinvestment Act of 2009, Pub. L. 111–5, 123 Stat. 115 (codified at 16 U.S.C. § 2601 (2012) & 42 U.S.C. §§ 1201, 15801). 17. HITECH Act, 42 U.S.C. § 300jj (2012) & 42 U.S.C. § 17921. 18. American Recovery and Reinvestment Act of 2009 (ARRA), Pub. L. No. 111–5, div. B, tit. IV. (2009); see also Are There Penalties for Providers Who Don’t Switch to Electronic Health Records (EHR)?, supra note 7. 19. For more information on the Department of Health and Human Ser- vices contract with HL7 to develop the EHR System Functional Model, see generally HEALTH LEVEL 7 INT’L, HL7 EHR SYSTEM FUNCTIONAL MODEL: A MAJOR DEVELOPMENT TOWARDS CONSENSUS ON ELECTRONIC HEALTH RECORD SYSTEM FUNCTIONALITY: A WHITE PAPER (Health Level Seven, ® Inc., 2004), https://www.hl7.org/documentcenter/public_temp_BDFDBDC4-1C23- BA17-0CD07E20AB751FE8/wg/ehr/EHR-SWhitePaper.pdf. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

222 THE SEDONA CONFERENCE JOURNAL [Vol. 18 it moved on to EHR system certification based on formal stake- holder consensus.20 Most recently it changed to the minimalist of the Meaningful Use program.21 Support for legally-required disclosure and discovery activity remains absent. The federal government intentionally omitted such support22 and, until re- cently, omitted reference to pertinent Standards.23 Recent events

20. About CCHIT, CERTIFICATION COMM’N FOR HEALTH CARE INFO. TECH., https://www.cchit.org/about/ (lasted visited June 15, 2017). 21. Electronic Health Record Incentive Program—Stage 1, Final Rule, 42 C.F.R. pt. 495 & 45 C.F.R. pt. 170; Electronic Health Record Incentive Pro- gram—Stage 2, Final Rule, 77 Fed. Reg. 53,968–54,162 (September 4, 2012); Electronic Health Record Incentive Program—Stage 3, Final Rule, 80 Fed. Reg. 62,761–62,955 (October 16, 2015). 22. See, e.g., DANIEL R. LEVINSON, U.S. DEP’T. OF HEALTH & HUMAN SERVS. OFFICE OF INSPECTOR GEN., NOT ALL RECOMMENDED FRAUD SAFEGUARDS HAVE BEEN IMPLEMENTED IN HOSPITAL EHR TECHNOLOGY (2013), https://oig.hhs.gov/oei/reports/oei-01-11-00570.pdf. 23. See Oh, the Places Data Goes: Health Data Provenance Challenge, CCI INNOVATION CENTER, https://www.cccinnovationcenter.com/challenges/ provenance-challenge/ (last visited June 20, 2017). The Dep’t. of Health and Human Servs. Office of the Nat’l Coordinator for Health Info. Tech. (ONC) announces winners and description of its Health Data Provenance Chal- lenge. The ONC appears to provide the first formal reference by a Federal Health IT authority to a Standard addressing EHR reliability for legal pro- cesses—the HL7 EHR System Functional Model: Several standards activities help frame “record lifecycle events,” which represent key points at which audit or prov- enance data should or could be applied. Such standards in- clude, but are not limited to: • The electronic health record system functional model (EHR-S FM). • The HL7 Fast Healthcare Interoperability Resources (FHIR®) EHR-S Record Lifecycle Event Implemen- tation Guide (RLE IG) for FHIR’s second and third trial use releases. Id. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 223 may signal growing federal oversight of the Meaningful Use program24 and to EHR system accountability.25 But, for the fore- seeable future, healthcare providers will still use varied, non- interoperable technologies for their records. Meanwhile a healthcare entity must still meet its records- keeping obligations. It remains essential to maintain complete and accurate medical records. Healthcare-provider licensing and certification laws still enforce the proper upkeep and preservation of health-care records. Health-care quality and continuity remain the primary rationale for promoting EHRs,26 although the law does not yet require robust safety, security, privacy, and records-management functions.27 Until these are

24. See, e.g., DANIEL R. LEVINSON, U.S. DEP’T. OF HEALTH & HUMAN SERVS. OFFICE OF INSPECTOR GEN., MEDICARE PAID HUNDREDS OF MILLIONS IN ELECTRONIC HEALTH RECORD INCENTIVE PAYMENTS THAT DID NOT COMPLY WITH FEDERAL REQUIREMENTS (June 2017), https://oig.hhs.gov/oas/reports/re- gion5/51400047.pdf. 25. See Evan Sweeney, eClinicalWorks settlement hints at broader certification infractions throughout the EHR industry, supra note 14. 26. Additional potential advantages include the ability to exchange com- plete health information about a patient in real time; automatic reminders for alerts, visits, and screenings; electronic prescribing, which allows physi- cians to communicate directly with pharmacies, thereby reducing errors and saving time by eliminating lost prescriptions; and automatic checks for aller- gies or potentially dangerous drug interactions. 27. The law does not fully specify safety, security, and privacy functions, and where they do exist in stated requirements such as in the federal Mean- ingful Use program, there is no field-inspection regime to ensure deployed systems in patient care have enabled them. The Office of Civil Rights has no mandate to evaluate prospectively or otherwise assure EHR systems’ pri- vacy and security competences—it is only required to respond to individu- als’ complaints. See LEVINSON, supra note 22, at 11 (referencing incapacitated or vulnerable audit functions). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

224 THE SEDONA CONFERENCE JOURNAL [Vol. 18 required, they remain underdeveloped.28 Therefore discovery management will remain a challenge for a long time, demand- ing a systematic approach.

B. “EMR” vs. “EHR” The terms “electronic medical record” (EMR) and “elec- tronic health record” (EHR) sometimes cause confusion. EMR and EHR can have discrete meanings. According to HealthIT.gov, an EMR contains the medical and clinical data gathered in one provider’s office, while an EHR includes more comprehensive patient information.29 An EMR is still more use- ful than a paper record because it allows providers to: • track data over time; • identify patients who are due for preventive visits and screenings; • monitor patients’ well-being by comparing certain parameters such as vaccinations and blood pressure readings against recom- mended ranges; and • improve overall quality of care. An EMR is a digital version of a paper chart that contains a patient’s complete medical history for a single organization. In- formation may be difficult to share with providers outside of the practice since integrating information from multiple settings isn’t within the scope of an EMR. For example, a provider might

28. These persistent gaps may provide additional incentives for EHR im- provements, but they are outside the scope of this article. 29. For more information about EMRs and the differences between EMRs and EHRs, see What Is an Electronic Medical Record (EMR)?, HEALTHIT.GOV, http://www.healthit.gov/providers-professionals/electronic-medical-rec- ords-emr (last updated Sept. 22, 2016). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 225 have to save a patient’s record on physical media such as a USB drive or print it out for mail delivery. By contrast, an EHR contains an information set that may include contributions from independent cooperating organiza- tions. Authorized providers and staff across more than one healthcare organization can create, manage, and consult EHR data. Unlike EMRs, EHRs can also allow a patient’s health rec- ord to follow them to other healthcare providers, specialists, hospitals, nursing homes, and geographic regions. EHRs and EMRs share the same challenges in discovery and the ROI process, so their differences aren’t material here. In this article, for simplicity, we adopt the HITECH convention and use only the term “EHR.”

C. How EHR Systems Work Generally speaking, when a patient interacts with a clinical organization and when they receive medical care, an event is recorded in the EHR. An individual from the healthcare pro- vider’s practice may supplement or create a record of that visit in the provider’s computer system by selecting the patient’s name and inputting data using screen prompts. Input timing can vary, as can its format. For example, the input may involve checking a box; highlighting and entering a character or mes- sage; entering a number or value; answering yes or no; typing, dictating, touching, or voice commanding a response; or a com- bination of these methods. Additional personnel or the individ- ual patient may also input data into records. In addition, the system may place machine-created data, like dates and times, directly into the patient’s record. ESI in the database may not always include what the user saw in the input process, includ- ing prompts. Likewise, previously existing information entries scanned into a record may lack sources, context, or other im- portant indicia describing the information. Under these and ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

226 THE SEDONA CONFERENCE JOURNAL [Vol. 18 other circumstances, the date and time of the event reported may be different from the date and time the EHR actually rec- ords. If anyone properly requests a patient’s record, the practice organization uses the computer system to produce a report. It may be produced by the “main” EHR software with dedicated report-generating software that queries other systems. The re- port may be a hybrid that includes information collected manu- ally from multiple data repositories. The report may not resem- ble the screens the inputters used to create the record. The report itself may vary in content and appearance depending on who generated it, when they generated it, and what system version and settings they generated it with. Large-scale practices and hospitals now create the bulk of their records electronically. These large organizations are more likely to aggregate data from multiple systems into their EHRs. Hospitals increasingly integrate or own medical-office prac- tices, which means further combining of records systems. Addi- tional healthcare-provider entities, such as extended-care set- tings, rehabilitation facilities, and home-health services, add to the variability of EHR storage and production. The expanding list of professionals who provide direct care—including phar- macists, care coordinators, and alternative-care consultants— adds to the challenges because each professional may have a “personal device” for accessing and contributing to the records of care. A healthcare organization may have several different EHR systems because of wide-ranging business requirements, pay- ment sources, professional guidance, regulations, and reporting duties. Each of their EHR systems may support a part of their production obligations. Data exchanges among these systems further complicate trust, especially because each system is likely ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 227 to be unregulated and to vary in design, configuration, imple- mentation, training, and use. Thus, even when someone re- quests the production of an EHR, he or she probably lacks the software to process the information into an accurate and usable record. Patient data can be inconsistent in form and location.30 It can also be under multiple different records managers. It may even reside outside the healthcare organization itself, as illustrated by Table 1, infra. Even if it is relevant, some types, such as peer- review and quality-assurance records, may not be accessible due to rules that prevent disclosing such information.

Health-Care Record Maintaining Organization Peer-review activities Healthcare organizations, including meeting minutes, providers, accountable care records, and reports organizations (ACOs), patient centered medical homes (PCMHs), and health plans Incident reports and risk- Healthcare organizations, management data providers, ACOs, PCMHs, and health plans Patient complaints Healthcare organizations, providers, ACOs, PCMHs, and health plans Patient-safety data Healthcare organizations, providers, ACOs, PCMHs, and health plans Utilization-management and Healthcare organizations, profiling data providers, ACOs, PCMHs, and health plans

30. See infra Sect. III.A. (addressing terminology regarding attentiveness to the means by which parties create and store data, evolving within Stand- ards Development Organizations). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

228 THE SEDONA CONFERENCE JOURNAL [Vol. 18

Health-Care Record Maintaining Organization Case-management records Healthcare organizations, providers, ACOs, PCMHs, and health plans Clinical-documentation- Healthcare organizations, improvement communication providers, ACOs, PCMHs, records and health plans Quality-improvement records, Hospitals, health departments, including meeting minutes and the National Institute of and reports Health (NIH) Morbidity and mortality Hospitals, Ambulatory records, including meeting Surgical Centers (ASCs) minutes and reports Surgical-case-review reports Hospitals, ASCs Operating room records such Hospitals, ASCs, and health as logs and call schedules departments Infection-control committee Hospitals and providers records, including meeting minutes and reports Grand rounds presentations Accrediting agencies and healthcare organizations Survey reports and Healthcare organizations, recommendations from the providers, ACOs, PCMHs, Joint Commission and other and health plans accrediting agencies State inspection reports and States and healthcare recommendations organizations Credentialing committee Healthcare organizations records, including meeting minutes and reports Licensing applications Licensing agencies and healthcare organizations Health Information Portability EHR systems and patients Accountability Act (HIPAA) audit and system access logs ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 229

Health-Care Record Maintaining Organization Clinical pathways and care Providers and healthcare protocols organizations Patient ombudsman records Hospitals, ASCs, ACOs, PCMHs, providers, health departments, and health plans Continuing education and Providers and healthcare training programs and organizations materials for providers and staff Policy and procedure manuals Providers and healthcare organizations Databases Providers; healthcare organizations; patients; and EHR, personal health record (PHR), and other clinical biomedical systems System metadata EHR and clinical biomedical system data System ephemeral data EHR and clinical biomedical system data Clinical-decision-support Healthcare organizations, system protocols providers, EHR systems Personal health records Patients, providers, third- (PHRs) party service providers, healthcare organizations, and EHR systems Texts and instant messages Providers, patients, staff, healthcare organizational and personal devices (such as laptops, smartphones, and tablet computers), and third- party service providers ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

230 THE SEDONA CONFERENCE JOURNAL [Vol. 18

Health-Care Record Maintaining Organization Voicemail records Providers, patients, staff, and healthcare organizations (organizational and relevant personal voicemail files) Email records Providers, patients, staff, and healthcare organizations (organizational and relevant personal email files) Information from social-media Healthcare organizations, websites, including Facebook, providers, patients, and third- LinkedIn, Twitter, Yammer, party service providers and YouTube Table [1]: Examples of Health-Care Records That May Contain Litigation- Relevant Information31 In addition to the large number of record types a healthcare organization may collect, generate, or maintain, there may be just as many sources and/or repositories storing—and some- times losing—this data, as indicated in Table 2. Like the record types in Table 1, the organization may not include information from the sources in Table 2 in its definition of its official EHR, even though it could be relevant in civil litigation or a regula- tory investigation. Because an organization’s EHR system is likely a compilation of multiple systems even in office settings, traceability back to the entry origination for each input will be- come increasingly necessary. These originations will include relevant communications or accessory records in legacy for- mats, consistent with existing EHR Normative Standards.32

31. Kimberly Baldwin Stried Reich, The Electronic Health Record as Evidence, 297, HEALTHCARE INFORMATION TECHNOLOGY EXAM GUIDE FOR COMPTIA HEALTHCARE IT TECHNICIAN & HIT PRO CERTIFICATIONS, 312-313 (Kathleen A. McCormick & Brian Gugerty eds., 2012). 32. See, e.g., HEALTH LEVEL 7 INT’L, HL7 EHR-SYSTEM FUNCTIONAL MODEL, RELEASE 2 § RI.1.1.1 (2014). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 231

Data Sources to Consider in the Healthcare Institution Enterprise EHR System(s)  Native Display  Audit Trails  Metadata  Annotations  Clinical-Decision Support  Discrete Departmental Systems  Radiology  Lab/Pathology  Anesthesiology  Labor and Delivery  Reporting Systems  Security Systems  Auditing/Metadata Management Systems  Radiation Oncology Record Systems  Emergency Department Record Systems Health Information Exchange Functions  Import/Receive Management  Export/Send Management  Records Constructed for Interoperable Transfer of Data Pharmacy/Prescribing  Orders Management (capture, fulfillment)  ePrescribing to External Resources  Medication Reconciliation  eRx Decision Support settings, prompts, and warnings Paper Sources (internal)  Remaining Paper Sources (e.g., handwritten sheets in radiology folders, writing on fetal monitoring strips, crib sheets)  Legacy Paper Charts Billing/Coding ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

232 THE SEDONA CONFERENCE JOURNAL [Vol. 18

Data Sources to Consider in the Healthcare Institution Emails  Patient/Provider  Provider/Provider  Non-provider Clinical Staff  Provider/Patient-authorized Support Personnel (family and home-health organizations)  Communications with the Vendor External Health Records  Paper  Scanned  PHR  Apps Raw Data  Lab Values  Imaging Studies  Transcription Recordings  Voice-recognition Audio Files Legacy Data  Outdated Systems Administrative Data  Scheduling  Follow-up Letters  Reporting  Quality Measures  Adverse Events  National Notifiable Conditions Other Potential Sources  Cloud-based Systems  Patient Portals  Social Networking  Video Conferences  Audio Conferences ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 233

Data Sources to Consider in the Healthcare Institution  Medical Devices  Texts  Smartphones  Tablets  Internet Advertising  Dictation Transcriptions  Research Projects  Patient Mobile Devices Table [2]: Data Sources to Consider in the Healthcare Industry

D. “Authenticity” in EHRs Defining “authentic” is a cornerstone for digital records dis- covery. “Authentic” means “[g]enuine; true; having the charac- ter and authority of an original; duly vested with all necessary formalities and legally attested; competent, credible, and relia- ble as evidence.”33 Evidence is required “sufficient to support a finding that the item is what the proponent claims it is.”34 Therefore, authenticity has three parts: 1. For what purpose is the record offered? 2. Is the record what it claims to be? 3. What evidence authenticates the reliability of the record’s claim? How do parties in litigation reach agreement on all three, es- pecially on supporting evidence? Healthcare often confronts this problem because, as a regulated industry, there are many records-keeping duties. The descriptions of necessary records

33. Authentic, L. DICTIONARY, http://thelawdictionary.org/authentic (last visited June 9, 2017) (citing Downing v. Brown, 3 Colo. 590 (1877)). 34. FED. R. EVID. 901(a) (“To satisfy the requirement of authenticating or identifying an item of evidence, the proponent must produce evidence suffi- cient to support a finding that the item is what the proponent claims it is.”). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

234 THE SEDONA CONFERENCE JOURNAL [Vol. 18 may only have content requirements and provide no infor- mation about data supporting authentication, such as the iden- tity of the information source, date and time stamping, or cross- check verification.35 The Joint Commission’s Hospital Accreditation Standards include minimum content requirements36 and guidelines for ac- curacy.37 Proving legal authenticity, however, may require more specific and complete information. Eventually records require- ments will include both content and authentication specifica- tions. Until then, discovery will improve using the approach proposed in this article. One part of that approach uses the organization’s infor- mation governance38 policies, procedures, and bylaws. These

35. For an example of a content-only authoritative records requirements description, see THE JOINT COMM’N, 2016 HOSPITAL ACCREDITATION STANDARDS, RC-1 (2016), Discharge Summary: (T)he medical record includes a concise discharge summary that includes the following: • The reason for hospitalization • The procedures performed • The care, treatment, and services provided • The patient’s condition and disposition at discharge • Information provided to the patient and family • Provisions for follow-up care 36. THE JOINT COMM’N, 2016 HOSPITAL ACCREDITATION STANDARDS, RC-6 (2016). 37. Id. at RC-5. 38. “Information governance” is “an organization’s coordinated, interdis- ciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.” The Se- dona Conference, Commentary on Information Governance, 15 SEDONA CONF. J. 125, 126 (2014). The Commentary on Information Governance provides princi- ples and useful guidance to organizations for setting up efficient & effective systems responsive to the competing needs for them. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 235 describe how the entity assures records reliability. For example, these may stipulate the minimum professional credentials for creating and changing certain clinical records. Examples in- clude the following: • Problem List: Commonly intended to inven- tory the physiologic, behavioral, and/or social challenges that a patient is addressing • Medication List: Commonly intended to in- ventory the patient’s current and past medica- tions The security audit—showing records’ creation and changes—then becomes another key to authentication. In an ROI, the record produced also claims to be responsive to the recipient’s request. What if the released record is designed to be authentic for one purpose but gets used for another pur- pose? What if it appears to be in compliance, imitating but not achieving authenticity? This can be an unintended consequence of EHR systems, as generated information may be used for many purposes. It may increase the risk that records will cor- rectly support authenticity for one use but not for another use. For example, information recorded in writing a prescription au- tomatically populates other records (e.g., Medication List). In this instance the Medication List is no longer a record created by a single individual in the regular course of documentation. It is compiled from records for prescriptions written elsewhere in the system and captured automatically into other records. It may also include information received from a different organi- zation (such as another clinical facility or a pharmacy). This isn’t a problem unless there can be misunderstanding. If the auto- matically compiled Medication List is confused with a Medica- tion List carefully gathered and accuracy-checked by a medical professional, then an authenticity problem may arise. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

236 THE SEDONA CONFERENCE JOURNAL [Vol. 18

As a result, an ROI for a Medication List can draw on two significantly different records: 1. an inventory of the medications a patient is taking, assembled carefully by an individual profes- sional, with each item verified against the pa- tient’s collection of medications, and confirma- tions with pharmacies; and 2. an electronic compilation assembled by the EHR system gathering information from various input sources, then designated by the organization as the “official Medication List” for ROI responses. The second example, a machine’s automated list, is correct in an ROI as long as it claims only to be an electronically assem- bled Medication List. If this compiled list is mistaken for or claims to be a verified inventory of the patient’s medicines (ex- ample no. 1 above), it may not provide evidence of authenticity. If both Medication List types are used, both can be relevant and can be authentic if each properly claims what it is, adequately differentiated. Each will require sufficient evidence to support its correct use, especially when one is considered more useful for clinical decisions than the other. Medication List differences can be further complicated be- cause one part of an EHR system may create a record that an- other part of the system doesn’t recognize. For example, a pro- vider’s record of the cancellation of a prescription may fail to get to the pharmacy record. The provider’s Medication List will show that the pharmacy was told to stop the drug and will show the drug has been stopped. The pharmacy Medication List will still include the drug and the patient will continue to get it. The provider and the pharmacy will both have a Medication List that is supposed to be the same, but they will not be the same. Another common record is the Operative Note. Since each one is a record of a routine procedure each may appear very ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 237 similar. This repetition is reasonable and intentional. For in- stance, an Operative Note for a common procedure will look similar to Operative Notes for other patients. The Operative Note might be partially or entirely completed before the sur- gery, with the intent to amend it if something non-routine oc- curs. A proper audit-trail record will show whether or not it was written before the surgery. Evidence about authentication can also show other potentially discrediting anomalies. For exam- ple, the audit trail may show the Operative Note was created at an unlikely day and time by an unlikely individual, e.g. “signed” by someone on vacation. The version of “Operative Note” produced by a given EHR system may not meet the re- questor’s reasonable expectations. A system’s designated gen- eral-purpose “Operative Note” output may have too little detail or insufficient supporting data to be considered reliable, and so it will be insufficient for use in litigation. It may require several additional queries from the requestor to receive sufficient infor- mation in enough detail to, collectively, provide a reliable Op- erative Note. In time, EHRs will achieve their full value by providing suf- ficient information to explain what it is, fully meet content spec- ifications, and include the basis for its authentication.

E. ROI Authenticity Once record authenticity is addressed, the next challenge is evaluating the ROI process. Since electronic records systems also produce these in different ways, as a type of report, it is also a record. As a kind of record, produced by automated processes, questions may arise regarding the authenticity of the ROI prod- uct itself. Key elements are the same. What does the ROI re- sponse claim to be? Is it a general ROI in response to a patient request or a more detailed ROI response, such as for litigation? Ultimately, in the context of using records in litigation, when ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

238 THE SEDONA CONFERENCE JOURNAL [Vol. 18 there’s a challenge to authenticity, the producer of the infor- mation must be prepared to meet foundation and admissibility challenges. In most circumstances, authenticity of an ROI may not be in question. However, in complex and detailed discovery projects, assuring mutual understanding of the specific nature of the electronic record becomes important in order to avoid inci- dental differences between what the ROI response represents and what parties believe it to be. When circumstances arise that merit this additional layer of clarity, the recipient asks questions about where the record came from, and how it was originated, retained, and produced. This will speed parties past misunder- standings that can cause contentious challenges to authenticity.

F. EHR System Characteristics Impeding Data Quality and Records Consistency The widespread use of EHR systems in the United States is relatively recent, even though they have been developing for decades, primarily to facilitate expedited records creation and recovery as well as billing and payment support. Increasing speed in records creation at the expense of thoughtful input39 has resulted in a greater risk of degrading the reliability, accu- racy, and authenticity of patient-care records. Unexpected problems have included copying functions that risk reproducing information from record to record in ways that result in incorrect author, date, and time attributions, or func- tions that misrepresent amended records as unaltered.40

39. Robert S. Foote, The Challenge to the Medical Record, 173 JAMA INTERNAL MED. 1171–72 (2013). 40. Evan Sweeney, EHRs Assist Home Health Provider in $21.5 Million Over- billing Scheme, FIERCEHEALTHCARE (July 8, 2016, 11:51 AM), http://www. fiercehealthcare.com/antifraud/ehrs-assist-home-health-provider-21-5-mil- lion-overbilling-scheme. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 239

Healthcare payment systems, including recently introduced value and merit-based payment models, have added another hazard: the risk of receiving an inappropriately high payment for health-care goods and services.41 However, EHR system de- sign did not prioritize reliable records production for legal and regulatory processes, and purchasers’ specifications often ex- cluded it. The lack of controls for appropriate records creation and management has permitted—and, in some respects, re- warded—variances from accepted requirements for clinical and business records.42 Other contributors to variances in health- care digital-records systems include the following factors: 1. Initial development of these systems predated in- expensive data-processing and data-storage (memory) capabilities. 2. Development of these systems were initiated in highly professionalized environments with rela- tively strong cultures of ethics, peer review, and professional norms conducive to reasonable pre- sumptions of honesty and integrity among uses and users. 3. National policy and programmatic incentives ac- celerated the adoption of digital patient records systems without constraints, oversight, or market transparency for product qualities or defects.43

41. Id. 42. Barbara Drury et al., Electronic Health Records Systems: Testing the Limits of Digital Records’ Reliability and Trust, 12 AVE MARIA L. REV. 257, 257–89 (2014). 43. Dan Bowman, EHR Fraud Recommendations Remain Unimplemented, HHS Inspector General Says, FIERCEHEALTHCARE (April 13, 2016, 12:29 PM), http://www.fiercehealthcare.com/ehr/ehr-fraud-recommendations-remain- unimplemented-hhs-inspector-general-says; U.S. DEP’T OF HEALTH & ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

240 THE SEDONA CONFERENCE JOURNAL [Vol. 18

4. Case law always lags behind new technologies. It has taken time for courts to generate sufficient rul- ings to inform courts on the unique attributes of EHRs. 5. EHR system contractual obligations may impede reporting of anomalies except to the vendor.44 Advancing EHRs as reliable records will also improve the systems’ abilities to provide the right information (data sets) in the right way (format) at the right time. To achieve this in the absence of national requirements, it is important for producing entities to test their EHR systems and meticulously review (and periodically reassess) outputs to understand what their systems will produce. Determining reasonable expectations of ROI pro- duction requests can be challenging, although at least one com- mentator notes that it is reasonably likely that the producing en- tity’s efforts will be a “failure.”45 A proactive approach is necessary to identify and mitigate potential data-quality and record-consistency risks. To guard against and minimize miscommunications consistently with The Sedona Conference Cooperation Proclamation,46 parties in litigation should agree to initial steps that maximize opportunities to

HUMAN SERVS. OFFICE OF INSPECTOR GEN., COMPENDIUM OF UNIMPLEMENTED RECOMMENDATIONS 45 (2016), https://oig.hhs.gov/reports-and-publica- tions/compendium/files/compendium2016.pdf. 44. Ross Koppel & David Kreda, Health Information Technology Vendors’ “Hold Harmless” Clause: Implications for Patients and Clinicians, 301 JAMA 1276, 1276–78 (2009). 45. CRAIG BALL, THE PLAINTIFF’S PRACTICAL GUIDE TO E-DISCOVERY, Part I, at 2 (2005), http://www.craigball.com/EDD-The%20Practical%20Plaintiffs %20Guide.pdf. 46. See generally The Sedona Conference Cooperation Proclamation: Resources for the Judiciary, THE SEDONA CONFERENCE (2014), https://thesedonaconfer- ence.org/publication/The%20Sedona%20Conference%C2%AE%20Coop eration%20Proclamation%3A%20Resources%20for%20the%20Judiciary. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 241 demonstrate equal commitments to transparency and good faith. As experience with EHRs increases, the bar for “reasona- ble expectations” will rise. In the meantime, recommendations to act early and often to facilitate communications and engage relevant expertise are particularly important to situations in- volving EHRs in discovery. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

242 THE SEDONA CONFERENCE JOURNAL [Vol. 18

III. EHRS IN DISCOVERY

A. Discovery of Electronically Stored Information (ESI) in General Four overarching observations govern our discussion of the role EHRs play in discovery: 1. Information sheds light on the truth. 2. Electronic discovery (eDiscovery) affords access to information in more locations than were ever previously possible. 3. Judges determine the scope of access to the infor- mation. 4. Lawyers must know about where information re- sides, the culture of information, the rules and laws that govern access, and how to gain or re- strict access to information. The legal system depends on information to achieve justice. Judges and juries must be impartial arbiters and factfinders, and they depend on the information that parties and their represent- atives present to do so. Logically, increasing the amount of rel- evant, accurate information available to factfinders in an orga- nized and comprehensible fashion will also increase the chance that they can achieve justice. The availability of ESI in the digital age creates the oppor- tunity to provide greater access to searchable, relevant infor- mation and maximize its quantity, quality, accuracy, clarity, economy, and availability. People can systematically and properly create, store, preserve, update, correct, and share the information in digital media in well-designed, well-operated systems. In theory, all these advantages may apply to EHRs and sup- port their reasonable use without compromising security, pri- vacy, and accuracy. “Reasonable use” means the ability to offer ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 243 economical, efficient, and timely access, searching, and under- standing of accurate information. The users or stakeholders in- clude patients, healthcare providers, insurers, and other entities or persons with legitimate legal and business needs for the in- formation. Accuracy is critical to all these functions. Users can only attain it by receiving and understanding complete and au- thentic records validated to their requirements. Healthcare-sector ESI systems could be major factors in achieving economical and efficient justice. To attain this goal, stakeholders must properly design, implement, train, and gov- ern these systems. This is the only way to assure they properly create information, paying attention47 to how it originated48 and how the systems retain,49 preserve, access, and produce it. The same diligence, applied with an equal level of rigor, in managing a system’s ability to produce ROI responses (e.g., to create, store, preserve, update, correct, and share ROI re- sponses) can make the interaction between the producing party and the justice system easier, faster, and less expensive.50 To ac-

47. Improved specificity, using for example “originate” and “retain,” of- fers means to differentiate the multiple meanings of “originate,” for input- ting by keyboard, mouse, template, or voice, including discarding as ephem- era erroneous initial data capture or other “draft” records. Detailed treatment of these terms is outside the scope of this article. 48. See Lifecycle Events in PROV Model format with definitions as EHR-LC Events_Vocab_v0.5.5, 5, HEALTH LEVEL 7 INT’L , http://wiki.hl7.org/index.php? title=Record_Lifecycle,_Security,_Privacy,_and_Provenance_Vocabulary_ Alignment (downloadable resource document defining “To Originate”) (last visited June 16, 2017). 49. See id. at 6 (defining “To Retain”). 50. Conversely, litigants have attempted to abuse the eDiscovery process to increase the burdens and costs for a responding party. A well-designed system curbs such abuse by creating transparency in the process of search ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

244 THE SEDONA CONFERENCE JOURNAL [Vol. 18 complish these goals, organized and effective information gov- ernance can enhance the management of information in a given healthcare-sector ESI system.51 Metadata is one tool in ROI production and management that provides the contextual corroboratory information neces- sary for a finding of authentication and admissibility. In the au- thors’ opinions, well-designed systems will eventually verify and confirm ESI accuracy using contextual metadata.52 How- ever, if people do not conscientiously design and operate ESI systems,53 the systems will not properly and efficiently retain, preserve, and produce data. Costs will increase, which will deny or delay access to relevant information. In the legal sys- tem, justice delayed is often justice denied. The challenge is the current variability in systems’ abilities to create, store, preserve, update, and correct data. This creates opportunities for controversy, as well as potential vulnerabili- ties to misinterpretation or anomalies and defects in records and records management. The benefits of all advances in trust—discussed here in the context of discovery—will also extend to patient care and clini- cal operations, in addition to secondary and tertiary benefits for pharmaceutical trials and population health. Until healthcare

and production which permits the producing party to defend the compliance process to the opposing party and, if necessary, the court. 51. The Sedona Conference, Commentary on Information Governance, supra note 38. 52. See, e.g., James G. Meyer et al., Electronic Medical Records: Metadata as Evidence in Litigation, 101 ILL. B.J. 422, 424 (2013) (“The file Metadata com- pared to the DICOM video clip embedded Metadata implied an intentional manipulation of the data in order to alter the events that actually occurred.”). 53. People must also properly configure and implement well-designed systems and train users to achieve reliability, accuracy, authenticity, and ef- ficiency. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 245

ESI systems achieve reasonable use in discovery as a matter of course, early and systematic communications between parties will be prudent and necessary to minimize burdensome contro- versies and costly misunderstandings. To this end, the proposed use of eDiscovery agreements, conferences, and the hierarchical model of EHR disclosure are proposed below.

B. EHR Discovery Challenges and the Necessity of Expertise Privacy interests, proportionality, and economical practical- ities may constrain or expand discovery. In the case of medical records, relevant, non-privileged, and otherwise discoverable documents and other EHR system-generated data should be reasonably accessible to parties and, ultimately, factfinders. To effect disclosure in an economical and efficient manner, the in- formation must be in a reasonably usable format.54 In the case of digital medical records, this is generally easier to say than do because people inconsistently manage EHRs. Again, early com- munication will facilitate ease of use. Expertise is necessary for effective analysis and communica- tion, especially for determining when reliability and accuracy variations matter. A broad spectrum of potential causes of ac- tion is relevant to assessing the materiality of reliability and ac- curacy variances in EHRs. Personal-injury cases are just one cat- egory of legal needs for EHRs. These records may also be critically relevant to criminal prosecutions for rape, child abuse, or physical assault. Family-law matters may involve medical is-

54. Federal and many state rules anticipate the need for and importance of a “reasonably usable form” of production. See FED. R. CIV. P. 34(b); FLA. R. CIV. P. 1.350(b) (“If a request does not specify a form for producing electron- ically stored information, a party must produce it in a form or forms in which it is ordinarily maintained or in a reasonably usable form or forms.”); MASS. R. CIV. P. 34(a)(1)(A). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

246 THE SEDONA CONFERENCE JOURNAL [Vol. 18 sues requiring EHR production. Medical-malpractice and med- ical product-liability actions almost universally require medi- cal-record evidence production. In such cases, the defendant healthcare provider or product manufacturer may need broad access to relevant EHRs as much as or more than the patient does. EHR production is essential to—and provides diverse chal- lenges in55—many administrative actions, including workers’ compensation, disability determination, entitlement to Veterans Administration services, and healthcare oversight. EHRs may also serve as critical evidence in False Claims Act litigation against healthcare providers. The need for trustworthiness assurance will vary, and, in some contexts, veracity is not essential. When such assurances are pertinent, the extraordinary variations in deployed EHR systems further underscore the importance of having or retain- ing special expertise to understand fully and process the infor- mation—as well as the attributes of the systems—to authenti- cate and determine its admissibility to a legal proceeding. The patient normally requires legal representation and may need medical or technical experts to assist with preservation and au- thentication tasks when an EHR is involved.56 At the outset of discovery, the requesting party’s attorney may not have the technological know-how to formulate a proper request that encompasses what he or she needs. The at- torney may also lack the technical expertise to understand the

55. See, e.g., Position Statement by the Texas Medical Board on Electronic Med- ical Records, TEX. MED. BD. (April 2015), http://www.tmb.state.tx.us/ idl/1FDE72F2-F7E7-781B-986A-B5F1AD32BC3D. 56. Patient requests for information for non-legal needs are clearly not “discovery,” but will nonetheless lead to the production of records similarly at risk for uncertainties or misinterpretation, which would similarly benefit from accuracy and economy. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 247 difficulty and cost of production to comply with the request. He or she may not even know what information to request or how to request it. This difficulty may, in part, originate from the am- biguity and variation among healthcare providers’ EHR sys- tems. The receiving party’s attorney may also observe anomalies or discrepancies in the information produced or non-uniformity of records among multiple healthcare providers. He or she may correctly or incorrectly conclude that these issues demonstrate intentional withholding or alteration rather than lack of uni- formity for generating, maintaining, and producing EHRs. Such presumptions impede effective communication between the parties and increase discovery costs as the requesting party will very often resort to wide-ranging discovery requests in re- sponse to these discrepancies. Absent depositions, the requesting party’s attorney in non- party discovery may have little to no information about how the producing party creates, keeps, and produces the released rec- ords. Depositions can be expensive and sometimes yield scant information about the same matters. In the medical–legal context, the requesting party is entitled to a reasonably useful electronic format, but it is difficult to de- fine a “complete medical record” or “legal health record” or ex- plain how anyone can properly produce such a record.57 It is also hard for the requesting party to confirm that this produc-

57. See infra, Sect. VI, for a full discussion of who appropriately determines what is a “complete medical record” or “legal health record.” Determining what composes a complete medical record for discovery is a legal issue that statute, common law, the scope of relevant discovery as determined by rule or law, agreement of parties to a case, or a combination of those factors may define. It does not depend on the discretion of the record producer or reques- tor alone. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

248 THE SEDONA CONFERENCE JOURNAL [Vol. 18 tion has occurred. For example, a healthcare provider may con- sider its reports to compose a complete record, even though they exclude or transform information entered into that record. Production of such a report may not comply with a producing party’s legal obligations without a record set definition and de- scription. These make sure producer and receiver have the same understanding of the released material. In their absence, a pro- ducing doctor or healthcare provider may have little to no first- hand knowledge of the reason or context for the record request and the actual needs of the requesting party. The legal request for production is generally silent about the intended use of the records, or it is couched in vague, overly broad terms on the scope and type of documents requested. Even given sufficient details, healthcare providers may have neither the legal training nor the time and motivation to discern the meaning of the law- yers’ requests. They are even less likely to consider whether their EHR system has the accuracy or production capabilities the lawyers presume. The person responsible for executing production may be un- familiar with how the EHR system works. He or she may release the production output without close inspection or lack the abil- ity to recognize anomalies or disparities (e.g., partial, truncated, improbable, or impossible statements, and bizarre date and time sequences) or even the “completeness” of the request. These anomalies and incomplete productions may be innocent or intentional. However, current methodologies, coupled with attorney technological ignorance, will not serve to identify these issues or ascertain the reasons for them. In addition to a lack of understanding on both sides of the document-request transaction, differences in vocabulary often lead to ambiguity and fail to meet production needs. Although semantic and definitional issues are problematic in many areas, ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 249 they are especially prevalent in the medical–legal arena. The mi- gration to digital records adds an additional component of tech- nical vocabulary that the parties may lack. These complexities are not unique to healthcare litigation. However, parties must consider requesting special expertise whenever an EHR sys- tem’s variability introduces complications. Again, early, sys- tematic, and effective communication, coupled with coopera- tion between parties,58 are the keys to optimizing EHR discovery.

C. EHR Discovery Processes The legal system accounts for the need for medical infor- mation in statutes, regulations, procedural rules, and common law. Discovery rules are generally procedural rules and may vary in criminal, family, and civil actions, and in federal or state courts. The rules of civil procedure largely determine the scope of discovery that parties are entitled to seek from each other and third parties.59 These rules also limit scope through protections such as relevance, privilege, privacy, undue burden, or propor- tionality. In certain circumstances, a court may award a produc- ing party compensation for the cost of production. The sub- poena power of the courts generally governs how a party may demand production of discoverable information from third par- ties.60 The rules of procedure, as interpreted in the common law,

58. The Sedona Conference, Cooperation Proclamation, 10 SEDONA CONF. J. 331 (2009 Supp.), available at https://thesedonaconference.org/publication/ The%20Sedona%20Conference%C2%AE%20Cooperation%20Proclamation. 59. See, e.g., FED. R. CIV. P. 26(b)(1); FLA. R. CIV. P. 1.280(b)(1); MASS. R. CIV. P. 26; N.Y. C.P.L.R. 3101 (MCKINNEY 2017). 60. A party serving a subpoena requiring the production of ESI must take reasonable steps to avoid imposing undue burden or expense on a person ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

250 THE SEDONA CONFERENCE JOURNAL [Vol. 18 govern the scope of discoverable information,61 and the sub- poena power provides the mechanism for entitlement and, if necessary, court enforcement.62

subject to the subpoena. FED. R. CIV. P. 45(c)(1). A non-party may submit ob- jections to the subpoena based upon undue burden, and when a court issues a subpoena as a discovery device, it measures relevance for purposes of the undue-burden test using the requirements of FED. R. CIV. P. 26(b)(1). See Am. Fed’n of Musicians of the United States & Canada v. Skodam Films, LLC, 313 F.R.D. 39, 44–45, (N.D. Tex. 2015); see also FLA. R. CIV. P. 1.410(c); MASS. R. CIV. P. 26(c); N.Y. C.P.L.R. 3103 (MCKINNEY 2017). 61. See, e.g., Charles v. S. Baptist Hosp. of Florida, Inc., 209 So. 3d 1199 (Fla. 2017) (widening the scope of discovery in interpreting federal peer review or adverse information privilege pursuant to the federal law protection for cer- tain information under the Federal Patient Safety and Quality Improvement Act (“FPSQIA”)). The intermediate appellate court ruled that adverse medi- cal-incident reports that plaintiffs requested pursuant to Article X, § 25 of the Florida Constitution (“Amendment 7”) in their medical-malpractice action constituted privileged and confidential “patient safety work product” pur- suant to the FPSQIA and that the FPSQIA preempted Amendment 7. S. Bap- tist Hosp. of Florida, Inc. v. Charles, 178 So. 3d 102 (Fla. Dist. Ct. App. 2015). Amendment 7 gives patients the right to their health-facility or provider rec- ords, including adverse events that could have caused injury or death. On appeal, the Florida Supreme Court ruled that Congress never intended the FPSQIA to shield document production that Amendment 7 and other provi- sions of Florida law required, and that it did not preempt these Florida laws. See, e.g., Jean Charles, JR., etc., et. al., vs. S. Baptist Hosp., Inc., etc., et. al., 15 Fla. 2180 (Fla. 2017), available at http://www.floridasupremecourt.org/deci- sions/2017/sc15-2180.pdf (last visited June 16, 2017). 62. See, e.g., FED. R. CIV. P. 37. The availability and propriety of sanctions for failure to produce ESI requested in discovery or by subpoena is beyond the scope of this article. Judges have the authority and power to coerce pro- duction or sanction the failure to produce commensurate with the circum- stances of the case under Rule 37, its state equivalents, common law, and the court’s inherent authority and contempt power. Dan H. Willoughby, Jr. et al., Sanctions for E-Discovery Violations: By the Numbers, 60 DUKE L.J. 789 (2010) (finding increasing numbers of cases in which judges applied sanctions for discovery violations in 2009 over prior years). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 251

The judge’s role is to be neutral regarding the parties and non-parties, applying the law fairly to achieve a just result. A court might order the production of relevant evidence, or it could protect a party or witness from his or her production ob- ligation because of an undue burden or substantial prejudice. A party or non-party should attempt to agree with the other side before seeking the judge’s help on insoluble issues of discovery, particularly considering the complexity and variance of modal- ities that ESI and EHR afford. Under these circumstances, the rules for most courts require the parties to “meet and confer.” Meet-and-confer conferences provide an opportunity for the parties to communicate about their concerns relative to both re- questing information and the burdens of any particular produc- tion. The parties can be in the best position to reach agreements concerning the scope and form of electronic discovery that is best tailored to the contours of the particular case. The Federal Rules of Civil Procedure encourage cooperative, rational behavior that leads to efficient, proportional, and eco- nomical discovery. For example, a party is entitled to infor- mation produced in the format he or she requested, if that for- mat is reasonable and necessary to yield relevant information. If that is impossible, and there is no court order to the contrary, the requesting party is entitled to produce the information in another reasonably usable form, unless the parties agree other- wise.63 A court may tax a party that inexplicably fails to maintain its information in a manner that allows production without undue

63. See FED. R. CIV. P. 34(b); FLA. R. CIV. P. 1.350(b); MASS. R. CIV. P. 34(a)(1)(A). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

252 THE SEDONA CONFERENCE JOURNAL [Vol. 18 burden with costs of production.64 Rules of professional respon- sibility ethically bind lawyers to be competent in technology and eDiscovery.65 This includes having a sufficient understand- ing of ESI to understand how to produce EHRs in legal matters. In the context of EHRs, counsel must understand the EHR sys- tem(s) and the lifecycle of records or associate with someone with that expertise. For their part, judges can only remain fair and neutral when they are competent in technology and eDis- covery law. Court action against litigants based on misconcep- tions of new technologies not only frustrates the purpose of the rules, but also sets unfair precedent that may stifle the adoption of life-saving technologies.

D. Relevance and Proportionality in EHR Discovery Proportionality limits the scope of discovery to boundaries consistent with the requesting party’s need, as well as the im- portance of the matters at issue, to protect a producing party from undue hardship.66 The proportionality factors are separate

64. Mazzei v. Money Store, 2014 WL 3610894, at *1–2 (S.D.N.Y. July 21, 2014); Romero v. Allstate Ins. Co., 271 F.R.D. 96 (E.D. Pa. 2010). 65. See MODEL RULES OF PROF’L CONDUCT R. 1.1 (Am. Bar Ass’n 1983); In re Amendments to Rules Regulating the Florida Bar 4-1.1, 6-10.3, 200 So. 3d 1225 (Fla. 2016) (Beginning January 1, 2017, all Florida licensed attorneys must take three hours of technology-accredited continuing legal education credits.). 66. Federal and state common law honored requests for information un- questionably relevant to the legal issues, but when the requests approach the outer bounds of relevance and the information requested may only margin- ally enhance the objectives of providing information to the parties or nar- rowing the issues, the court weighed that request against the hardship to the producing party in light of the issues at stake. See, e.g., Carlson Cos. v. Sperry & Hutchinson Co., 374 F. Supp. 1080, 1088 (D. Minn. 1974); Chrysler Corp. v. Miller, 450 So. 2d 330, 331 (Fla. App. Ct. 1984) (granting certiorari and quash- ing discovery order as unduly burdensome where the cost of complying with discovery was more than the value of the matter at issue). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 253 from the issue of whether producing the information is cumu- lative or unduly burdensome, or the information may be avail- able from another less burdensome source. Communication be- tween the parties achieves discovery that is proportional but sufficient for a given case.67 The December 1, 2015 amendments to the Federal Rules of Civil Procedure elevated proportionality to a scope co-condi- tional with relevance. Rule 26 now provides that discovery must be “proportional to the needs of the case, considering the im- portance of the issues at stake in the action, the amount in con- troversy, the parties’ relative access to relevant information, the parties’ resources, the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit.”68 Rule 26(b)(2)(C)(iii) requires a court to limit the frequency or extent of discovery when “[iii] the proposed discovery is out- side the scope permitted by Rule 26(b)(1).” The recent amend- ments did not change Rules 26(b)(2)(C)(i–ii). They limit discov- ery that is “unreasonably cumulative or duplicative” or that the requesting party may be able to obtain from “other less burden- some sources.” There was also no change to Rule 26(c), under

67. Judge Paul Grimm opines that: [i]t cannot seriously be disputed that compliance with the “spirit and purposes” of these discovery rules requires co- operation by counsel to identify and fulfill legitimate discov- ery needs, yet avoid seeking discovery the cost and burden of which is disproportionately large to what is at stake in the litigation. Counsel cannot “behave responsively” during discovery unless they do both, which requires cooperation rather that contrariety, communication rather than confron- tation. Mancia v. Mayflower Textile Serv. Co., 253 F.R.D. 354, 357–58 (D. Md. 2008). 68. FED. R. CIV. P. 26(b)(1). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

254 THE SEDONA CONFERENCE JOURNAL [Vol. 18 which the producing party may seek a protective order against “undue burden.” Rule 26(c) retains its utility as an alternative method for challenging requests that seek irrelevant or dispro- portionate information.69 Healthcare litigation is a prime area for the federal courts to apply proportionality requirements, as well as considerations of undue burden and cost. There is no doubt that the increased prominence of proportionality in the amended Federal Rules of Civil Procedure will impact eDiscovery, including EHR discov- ery, in federal (and ultimately state) courts.70 However, the ex- tent to which the amended rules will affect the scope of medical discovery remains undetermined.71 Despite this increased emphasis, relevance remains the pri- mary or threshold issue concerning proportionality for deter- mining EHR discoverability. Establishing relevance involves an

69. Thomas Y. Allman, The 2015 Amendments: Revitalizing the Proportional- ity Principle, 2 (2016), http://www.lfcj.com/uploads/3/8/0/5/38050985/2016 proportionalitytoday_4_19_16.pdf. 70. In state court, applying proportionality may vary from or mirror fed- eral law depending on the jurisdiction’s common law and rules. Florida, for example, made proportionality a matter of scope of discovery from the in- ception of its eDiscovery civil rules in 2012, which preceded the federal rules’ promotion to that level in 2015. See FLA. R. CIV. P. 1.280. Federal law strongly influences developing state law, especially where the state rules are like the federal rules. In these instances, federal cases in the absence of controlling state cases are persuasive but not controlling authority. This is important be- cause federal magistrates and judges author the overwhelming majority of eDiscovery published opinions. 71. The proportionality mandate in amended FED. R. CIV. P. 26(b)(1), in conjunction with FED. R. CIV. P. 26(g), assumed greater significance after the 2015 amendment to FED. R. CIV. P. 1, which explicitly states that parties and counsel “share responsibility” with the court to employ the rules to achieve the just, speedy, and inexpensive determination of every action. Craig B. Shaffer, The “Burdens” of Applying Proportionality, 16 SEDONA CONF. J. 76 (2015). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 255 analysis of whether the information sought is likely to make the existence of a consequential fact probable.72 The court must con- sider the breadth (length of time) and depth (types of docu- ments relevant within the time frame) of the information sought. For example, a court may screen a plaintiff’s medical records in a medical-malpractice case for relevance and scope based on whether they relate to care that impacts liability or damages and whether the record type (i.e., a summary chart, complete chart, or record beyond the traditional chart) may be relevant. Parties may also ask the court to determine the importance of the issues at stake in the action, the amount in controversy, the parties’ rel- ative access to relevant information, the parties’ resources, the importance of the discovery for resolving the issues, and whether the burden or expense of the proposed discovery out- weighs its likely benefit.73

E. The Proportionality Analysis in the Healthcare Context Healthcare entities are now part of a long-term experiment in healthcare provisioning and financing. However, they re- main burdened with systems ill-designed for eDiscovery, which fail to deliver many advantages of electronic media. A discus- sion of eDiscovery obligations and EHRs must account for these shortcomings and realistically consider the additional burdens they place on the healthcare industry. The inadequacy of many EHR systems for legal purposes is not entirely the fault of healthcare providers. Institutions and practices refined their paper records processes over decades of use while digital systems first proved their utility in practice management and billing, not in clinical records of care. Many

72. See FED. R. EVID. 401. 73. See FED. R. CIV. P. 26(b)(1). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

256 THE SEDONA CONFERENCE JOURNAL [Vol. 18 institutions and providers nonetheless had to switch to digital systems given government mandates. Clever litigants can turn this situation back on healthcare providers by exploiting the in- adequacy of the existing systems and increasing costs by at- tempting to impeach or diminish data that often unknowing— and at least incrementally innocent—healthcare providers pro- duce. At the same time, several features that clinicians favor for efficiency are risk laden. Providers embraced them in part due to insufficient due diligence and undervaluing the input of ex- perts in compliance, internal auditing, clinical-data quality as- surance,74 and information management.75 Because the need for EHRs in litigation is ubiquitous and will only increase, software designers and vendors must embrace discovery and evidentiary purposes. This will assist their clients with minimizing litigation costs while preventing distortions of the record of care. For now, litigants on all sides of the process are in the difficult position of trying to piece together any information they can from a highly imperfect documentation process.76

74. Marla D. Hirsch, CMS: EHRs Not Mature Enough to Report eCQMs Cor- rectly, FIERCEHEALTHCARE (June 20, 2016, 12:33 PM), http://www.fierce- healthcare.com/ehr/cms-ehrs-not-mature-enough-to-report-ecqms-cor- rectly; see also MATHEMATICA POL’Y RES. & LANTANA CONSULTING, HOSPITAL INPATIENT QUALITY REPORTING (IQR) ECQM VALIDATION PILOT SUMMARY, http://tinyurl.com/gsxlydk (last visited June 9, 2017). 75. Reed D. Gelzer, Record Entry Origination: Risks That Lurk in Your EHR, 34 NEW PERSP. 12, 12–18 (2015). 76. Chad P. Brouillard, The Impact of E-Discovery on Health Care Litigation, 49 FOR DEF. 48, 49 (2007). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 257

IV. APPLYING DISCOVERY PRINCIPLES AND RULES TO EHRS

A. Key Problems with Producing EHR Data One continuing problem in medical-liability matters is a per- vasive disconnect between native displays of EHR data and the exported print function in either paper or electronic form.77 The exported record is most commonly produced for discovery pur- poses as it appears like a paper chart, which conforms to the ex- pectations of legal participants. Moreover, printed representa- tions are more conducive to the practical legal uses of the record. Producing parties in EHR discovery provide lawyers with pa- per or imaged printouts that bear no resemblance to the screens that originally captured the data, however. The exported printouts may be cluttered and difficult to work with and may generate an enormous quantity of unusable pages compared with their paper equivalents or the simple graphic interfaces that clinicians use in native EHRs.78 It is common for a clinical- care episode on one date to generate hundreds of pages of paper when someone exports it from an EHR, while a similar encoun- ter documented in a paper chart may generate less than thirty pages. The phenomenon of export distortion raises an important conceptual difference between the function of EHRs and the pa- per charts many grew accustomed to in medical litigation. Liti- gants, counsel, and experts retained to review records must un- derstand that the version of the EHR that any given facility

77. Chad P. Brouillard, Emerging Trends in Electronic Health Record Liability, 52 FOR DEF. 39, 42 (2010). 78. See Ulman v. Commissioner of Social Sec., 2011 WL 4434880 (W.D. Mich. Sept. 8, 2011) (agreeing that “the [administrative judge] mistook the date a copy of the hospital’s electronic medical record of the incident was printed . . . as the date of plaintiff’s accident, and then drew an adverse cred- ibility inference based on the error”). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

258 THE SEDONA CONFERENCE JOURNAL [Vol. 18 provides them is an exported representation of only a portion of the data on the facility’s servers. The EHR outputs produced in response to a document request are a limited construct. In paper charting, clinicians keep the paper forms they use to document care contemporaneously in tangible, centralized, “original” charts (usually with original ink handwriting). Paper charts contain the pages used or created in real time. In contrast, the “original” in EHR systems is intangible and more compli- cated. It comprises two functional components. First, the EHR system captures data that the clinician inputs. Second, the EHR system displays information and documentation choices to the clinician. The documentation choices range from limiting poten- tial responses (e.g., fixed data, drop down selections, pre- canned text, etc.) to allowing free text narrative entries. Data- bases on the EHR server store the captured data. The captured data in its native state is fragmented and useless for human re- view. The databases rarely preserve the information displayed to the clinician during documentation creation. For many EHR system vendors, converting data into an ex- ported, printable form is a distraction from the purpose of the EHR. The EHR offers functions beyond those possible with pa- per records (e.g., instantaneous communication of a critical finding to all relevant providers who may be miles apart at dif- ferent facilities, or participation in state or national health infor- mation exchanges). Transforming EHR data in a printable rep- resentation is an awkward contortion because the vendors did not design them for paper. Nonetheless, end-user expectations and processes evolved from a long-standing use of paper rec- ords, which incentivized designers to generate outputs that suf- ficiently resembled familiar paper documents. The most serious issue from an eDiscovery perspective is the difference between the exported record and the native environ- ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 259 ment that the provider perceives, in terms of design and acces- sible data. It is common for authoring medical professionals to have trouble recognizing the yield of a print or export function even when it purports to be their own electronically-signed doc- umentation. The export often lacks any coherent organization and almost never tracks the native electronic-data display. Sometimes the export lacks information displayed in the EHR or vice versa. The result of a printed export depends on the tem- plates that the vendor created. Specific medical entries may auto-populate the template, or it may contain boilerplate lan- guage that the clinician may not read or input during care— even though he or she ultimately signs off on it.79 EHR systems may also contain undocumented functionality such as critical alerts for dangerous drug interactions or automatic tracking of outstanding screening tests. Access to the original display is sometimes impossible from a technical point of view when the software had not been de- signed to preserve the original display. While EHR systems fo- cus on retaining the data that the clinician input, they do not preserve the display that the clinician used. Given the available technology, EHR systems cannot pre- serve historic, graphic displays that parties could use during lit- igation. This capability is critically important because EHR sys- tem developers often change the display without preserving historic screens or settings necessary to reproduce them reliably in the future. The native display for a patient in 2010 compared with the 2016 display for the same patient in the same EHR might vary greatly from upgrades and patches. The result may

79. Pranter v. United States, 2012 WL 2060632, at *5, n.9 (D. Minn. June 7, 2012). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

260 THE SEDONA CONFERENCE JOURNAL [Vol. 18 distort the care record and destroy the old display form.80 Sev- eral systems also have role-based data displays (i.e., they dis- play different—and possibly limited—data to physicians, nurses, and medical assistants). This further complicates pro- duction of authentic, complete, and accurate displays. For ex- ample, in a case involving physician care, providing an EHR display based on medical-assistant credentials might be more limited than a display based on physician credentials. In this context, EHR production for eDiscovery can be prob- lematic. Production of a paper chart often was simpler if a med- ical-records department had organized, centralized, and se- cured the tangible original. The caretaker carefully made an imaged photocopy of each piece of paper in the original inked paper chart as well as the folder. Often, that photocopy—if com- plete, legible, and reasonably comprehensible—would repre- sent the end of the inquiry. If not, a litigant could obtain access to the single, tangible original to inspect it and for witnesses to decipher entries, if necessary. If ten litigants requested the same document, all of them would likely receive photocopies of the same set of records. EHR data production is a more complicated process. There is no organized and centralized tangible record. Typically, there are multiple systems. A clinician creates, prints, and produces an exported paper record in accordance with the parameters of the request. However, an exported EHR is not the complete data set available in the original EHR. Incredibly, it may neither be feasible nor possible to produce an EHR data set in its entirety. If such a record were possible, it may not be usable. Because there is no fixed, imaged chart, the formatting of the EHR paper export often changes over time. The vendor’s upgrades and

80. Chad P. Brouilliard, Electronic Health Record Liability: Further Evolving Trends, 58 FOR DEF. 80, 82 (2016). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 261 patches may add or delete tables or make other design decisions that change the look and feel of the output or even the dimen- sions of the paper record. Healthcare litigants, advocates, and judges may falsely ex- pect, based on their experience litigating within the paper-chart environment, that the paper chart for a given patient should al- ways be the same if it is complete, regardless of who requested the record and when he or she made the request. In an electronic environment, people often encounter different versions of ex- ported paper productions of the same record. Some commenta- tors have argued that EHR systems should do a better job at producing a consistent paper record—an immutable artifact that can stand scrutiny over time as a legal health record.81 In truth, EHRs are challenging litigants to move beyond precon- ceptions about the paper copy and instead treat the system as a proper object of eDiscovery inquiry. What is integral in an eDis- covery inquiry is whether the electronic data is intact and un- changed—how it prints out over time is irrelevant. Multiple pa- per export versions are merely a symptom of the seismic shift in documentation processes toward digital sources.82

81. Donna Vanderpool, EHR DOCUMENTATION: How to Keep Your Pa- tients Safe, Keep Your Hard-Earned Money, and Stay Out of Court, 12 INNOV. CLIN. NEUROSCI. 34, 34–38 (2015); Chris Dimick, EHRs Prove a Difficult Witness in Court, J. AHIMA (Sept. 24, 2010), http://journal.ahima.org/2010/09/24/ehrs- difficult-witness-in-court/. 82. Smith v. Hayman, 2012 WL 1079634, at *3 (D.N.J. March 30, 2012) (de- clining to impose an injunction or sanctions on a physician when the plaintiff claimed that entries from the “Problem List” were modified based on differ- ent record sets outputted four months apart, because the physician explained that the Problem List was not a static timed entry but was dynamic as to present concerns); see Picco v. Glenn, 2015 WL 2128486 (D. Colo. May 5, 2015); Hall v. Flannery, 2015 U.S. Dist. LEXIS 57454, 2015 WL 2008345 (S.D. Ill. May 1, 2015); Cason-Merenda v. Detroit Medical Center, 2008 WL ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

262 THE SEDONA CONFERENCE JOURNAL [Vol. 18

One impediment to this shift is that paper charts remain the convention. Stakeholders such as clients, counsel, subrogees, witnesses, judges, and juries prefer and commonly use paper charts in the healthcare litigation process. This preference largely reflects the perceived high-burden cost of digital pro- duction and admissibility challenges that arise from current, widely-variable systems. If the original data remains intact and available for testing, its presentation in a printable form is a sec- ondary concern from an EHR system developer or custodian’s point of view. The printable form (or on-screen “print-like” PDF or TIFF renderings) may be highly important for counsel only in the short term to the extent needed to fulfill “appearance” ex- pectations of litigation stakeholders. For most purposes, the electronic paper export—despite its high cost in dollars and time—functions only as a limited and marginally adequate stand-in for a paper chart. This is espe- cially true where the documentation is not the true focus of the litigation, and the parties do not challenge it. For now, trustwor- thy and accurate EHR system outputs—digital or printed—re- main elusive due to the absence of technological and legal dis- covery support. The paper-chart convention breaks down further if one of the litigants questions the authenticity of the EHR. Such a chal- lenge means that the parties will require corroborating infor- mation about the producing institution’s process, including

2714239, at *6 (E.D. Mich. July 7, 2008) (denying eDiscovery cost-shifting mo- tion on behalf of two health-system subsidiaries in an antitrust class-action lawsuit resulting in a burden placed solely on the health system); United Med. Supply Co. Inc. v. United States, 77 Fed. Cl. 257, 258 (Fed. Cl. 2007) (sanctioning the government for failing to have medical treatment facilities preserve eDiscovery); Regan-Touhy v. Walgreen Co., 526 F.3d 641, 644 (10th Cir. 2008) (upholding the district court’s determination that the provider met its eDiscovery obligations without producing an audit trail showing who had viewed EHR as opposed to who conducted transactions). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 263 data display, data capture, metadata, and audit reporting. This inquiry level raises litigation costs because both sides may need technical and forensic experts to analyze the data in its native form. Litigants traveling this path should utilize the rules of civil procedure and associated protections applicable in their ju- risdictions.83 Those who treat the EHR like a paper chart in the face of electronic demands will miss key opportunities to limit the scope and nature of the inquiry. They also will miss oppor- tunities to challenge the authenticity of EHRs before admission, or their integrity and accuracy at trial. It is imperative to try to confirm and memorialize the specif- ics of the requesting party’s electronic demands in writing as part of an eDiscovery agreement (also called a “Stipulated Elec- tronic Discovery Protocol”) before embarking on production. Courts weighing over-burdensome eDiscovery demands will have little sympathy for responding parties who jumped the gun and expended resources without seeking to confer with the other side and reducing the parameters to writing.84 Most juris- dictions require a meet and confer and written plan between the parties before they can present eDiscovery disputes for judicial resolution.

B. Production Form Production of native ESI data from an EHR system is prob- lematic for several reasons. First, a proprietary system generates the raw data. Thus, it is almost always unusable without the proprietary EHR software that generated and organized it for human review. Most medical institutions cannot simply share a

83. Bentley v. Highlands Hospital, 2016 U.S. Dist. LEXIS 23539, at *2 (E.D. Ky. Feb. 23, 2016); Myers v. Riverside Hospital, Inc., 2016 Va. Cir. LEXIS 53, at *4 (Va. Cir. Ct. April 21, 2016). 84. See Picco, 2015 WL 2128486, at *5. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

264 THE SEDONA CONFERENCE JOURNAL [Vol. 18 copy of their EHR because of contractual limitations and the ex- orbitant cost of replicating their native installation.85 Deposi- tions of in-house technical staff and software vendors are com- mon, resulting in significant legal costs for all involved. Advocates also use third-party subpoena requests directed to software vendors to seek relevant information. In some cases, counsel have demanded that producers make EHR systems available in court, at trial, to show the native display to the jury.86 This may be costly and difficult to manage from a security point of view, considering patients’ privacy rights. Continued reliance on printable exports of EHRs in litigation is one symptom of a greater problem inherent in EHR-based eDiscovery. This outdated modality results from the inherent lack of utility of native digital EHR data, absent its source soft- ware. Under the Federal Rules of Civil Procedure, a producing party has a general obligation to produce data in “a reasonably

85. Mitchell v. Reliable Sec., LLC, 2016 U.S. Dist. LEXIS 76128, at *3 (N.D. Ga. May 23, 2016). In this employment discrimination case, the plaintiff re- quested ESI in its native format, with metadata intact, to verify that nobody had tampered with the documents. The defendant attempted to avoid pro- duction by stating that it should not have to produce the files in native format because it would cost an additional $3,000, and the case had low value. Re- lying on FED. R. CIV. P. 26(b)(2)(b), the court ordered the defendant to pro- duce the files in their native format because the defendant never offered any explanation about why native production would cost more than PDF pro- duction. The court also rejected the argument that the cost was prohibitive on such a low-value claim because it determined that the plaintiff had a good reason for seeking the native files, stating that “the Court finds that the pub- lic value of allowing a civil-rights plaintiff opportunity to access [relevant] information . . . far outweighs the asserted $3,000 cost.” 86. Chris Dimick, EHRs Prove a Difficult Witness in Court, supra note 81; Rauchfuss v. Schultz, 2014 Va. Cir. LEXIS 112 (Nov. 20, 2014), 2015 Va. Cir. LEXIS 145 (Aug. 7, 2015), 2015 Va. Cir. LEXIS 185 (Dec. 15, 2015) (series of motions in same case where plaintiff made escalating requests for EHR data including demand for live EHR in Court). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 265 usable form.”87 Native digital EHR data generally is not usable outside its own software environment due to the lack of univer- sal technical design conventions or Standards that would enable interoperability. This is true even for the purely extralegal, clin- ical use of EHR data.88 The lack of EHR system interoperability is also a key contro- versy in the EHR industry’s software market.89 Vendors gener- ally do not design90 EHR software to transfer data smoothly to

87. FED. R. CIV. P. 34(a)(1)(A). 88. Jeff Byers, Interoperability Is a Four-Letter Word: Inching Toward True Ex- change, HEALTHCARE DIVE (July 11, 2016), http://www.healthcaredive.com/ news/interoperability-data-integration/421307/?sf30769957=1&sf30807216=1 (“‘The biggest problem with interoperability is, like many aspects of health care, the demand curve does not mitigate towards integration,’ Jonathan Bush, CEO of athenahealth, told Healthcare Dive, adding[,] ‘In fact, the way health care payment and delivery is structured, the demand curve pulls peo- ple toward isolation.’”). 89. See Letter from James L. Madara, Exec. V.P. & C.E.O., Am. Med. As- soc., to Marilyn B. Tavenner, Adm’r, Ctrs. for Medicare & Medicaid Servs., U.S. Dep’t of Health & Human Servs., & Karen B. DeSalvo, Nat’l Coordinator for Health Info. Tech., U.S. Dep’t of Health & Human Servs. (Oct. 14, 2014), available at http://mb.cision.com/Public/373/9661589/9185dfb838c6fe9c.pdf; AM. HOSP. ASSOC., WHY INTEROPERABILITY MATTERS 2 (2015) (“[O]nly about a quarter of all hospitals can find, send, receive and use electronic infor- mation due to substantial barriers.”); S. Pringle & A. Lippitt, Interoperability of Electronic Health Records and Personal Health Records: Key Interoperability Is- sues Associated with Information Exchange, 23 J. HEALTHCARE INFO. MGMT. 31, 31–37 (2009). 90. See, e.g., DEP’T. OF HEALTH AND HUMAN SERVS. OFF. OF THE NAT’L COORDINATOR FOR HEALTH INFO. TECH., REPORT ON HEALTH INFORMATION BLOCKING 12 (2015) (citing “[d]eveloping or implementing health IT in non- standard ways that are likely to substantially increase the costs, complexity, or burden of sharing electronic health information, especially when relevant interoperability standards have been adopted by the Secretary” as one cause of their representation of the alleged problem), https://www.healthit. gov/sites/default/files/reports/info_blocking_040915.pdf. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

266 THE SEDONA CONFERENCE JOURNAL [Vol. 18 other systems. It is common for EHR systems to be unable to send and receive even Standards-compliant data forms such as patient summaries, problem lists, or medication lists. While commentators have highlighted the impact of interoperability91 as a problem for the clinical use of EHRs, its substantial impact on the usability of native EHR data in litigation has not received as much attention. Further, current initiatives to develop an in- teroperability standard for clinical purposes do not account for eDiscovery as an end use. Without universal data requirements consistently referenc- ing Standards, litigants must manage data from every EHR sys- tem, dealing with unique terms and idiosyncrasies. Access to native data may be impossible without employing the proprie- tary EHR software version implemented at the facility. Errone- ous assumptions about the discovery capabilities of EHR sys- tems that no one has tested further exacerbate the expected presence of idiosyncrasies.92 Without industry-wide interopera- bility Standards for EHR clinical data sets, normalizing the pro- cess for eDiscovery purposes may be cost prohibitive. Absent standardized processes, litigation costs attributable to eDiscov- ery demands quickly escalate as ad hoc solutions occur on case- by-case bases. Considerations of undue costs and burdens un- der Fed. R. Civ. P. 26(b) may limit such eDiscovery. The current state of EHR systems raises a knotty question that litigants and judges must resolve in essentially every case—how can litigants

91. See Letter from James L. Madara, Exec. V.P. & C.E.O., Am. Med. As- soc., to Marilyn B. Tavenner, Adm’r, Ctrs. for Medicare & Medicaid Servs., U.S. Dep’t of Health & Human Servs., & Karen B. DeSalvo, Nat’l Coordinator for Health Info. Tech., U.S. Dep’t of Health & Human Servs. (Oct. 14, 2014), available at http://mb.cision.com/Public/373/9661589/9185dfb838c6fe9c.pdf. 92. See, e.g., LEVINSON, supra note 22, at 11 (referencing incapacitated or vulnerable audit functions). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 267 produce information for eDiscovery purposes from systems that do not render reasonably usable data? The obligations of providers to retain and produce all record types—including, for example, scanned or imaged documents from other facilities—are matters of dispute.93 Healthcare insti- tutions do not agree on whether, in discovery, they must release information other healthcare institutions originally provided them. However, courts will likely require them to produce these documents in litigation, which their document-retention and lit- igation-hold policies should cover.

C. Access Modalities In addition to formal document-production requests, sub- poenas, or discovery meet and confers, other circumstances per- mit access to patient records. Patients have rights of legal access, independent of litigation, to a portion of their medical infor- mation under the Health Insurance Portability and Accounta- bility Act of 1996 (HIPAA) privacy rules via an authorization procedure.94 In practice, plaintiffs and defendants use HIPAA authorizations to access their patient information prior to filing a lawsuit and during litigation. In certain jurisdictions, state judges will not entertain sub- poenas or document requests for patient information directed to healthcare providers. Instead, they will force litigants to se- cure HIPAA-compliant authorization from patients. Federal law governs facility responses to patient authorizations (whether plaintiff or defendant), which limits production to a

93. See Shambreskis v. Bridgeport & Port Jefferson Steamboat Co., 2008 WL 2001877, at *2 (E.D.N.Y. May 8, 2008) (“Scanned documents are an intri- cate component of the electronic health record and are utilized in the medical decision process.”). 94. 45 C.F.R. 164.524 (2017). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

268 THE SEDONA CONFERENCE JOURNAL [Vol. 18 designated record set. A designated record set includes most patient health information stored in any medium. In accordance with 45 C.F.R. 164.501 a designated record set is defined as: 1. A group of records maintained by or for a covered entity that is: i. The medical records and billing records about individuals maintained by or for a cov- ered health care provider; ii. The enrollment, payment, claims adjudication, and case or medical management record sys- tems maintained by or for a health plan; or iii. Used, in whole or in part, by or for the covered entity to make decisions about individuals. The rule does not require healthcare entities to produce all discoverable data to the requesting patient.95 For instance, the designated record set does not include metadata, audit-trail re- porting, pending reports, and prior record versions, although they may fit most jurisdictions’ definitions of discoverable ma- terial. Thus, the principal process employed in litigation in some states to secure medical records is at odds with the scope of per- missible discovery laid out in the applicable rules of civil proce- dure.

D. Audit Trails Advocates expected audit trails to serve as a definitive prov- enance for the record—proof to guarantee that no one had mod- ified or deleted the digital record. Most existing audit trails, as implemented, fall far short of achieving that goal.96 Audit trails

95. See 45 C.F.R. 164.501 (2017). 96. Chad P. Brouillard, EHR and Audit Trails Might Reveal More Than You Think, INSIDE MED. LIAB., Sept. 2015, at 18, available at http://www.mgma- gkc.com/wp-content/uploads/2015/10/IML-3Q-2015-pp-18-20.pdf. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 269 are reporting functions built into EHR systems that can operate like metadata. Under federal requirements, vendors should con- struct audit trails at minimum to generate a log of user access to patient charts to comport with an entity’s HIPAA security obli- gations. Until there is an enforced regulatory requirement to de- fine and implement an audit trail adhering to given specifica- tions, the reliability, comprehensiveness, and level of detail captured in audit trails will vary in form and effectiveness for any given EHR. Design can limit the granularity of audit data, particularly in older systems, to accommodate the processing and storage limitations of the systems in use. The utility of audit trails will likely diminish further to the extent that organizations disable or edit them.97 There is quite a bit of confusion about audit trails and their related capabilities, which vary by product. Software-design companies choose the types of reports their systems can gener- ate based on this underlying data and metadata. Audit-trail functions are not uniform across systems or even within the same system installed at different sites. Furthermore, an audit trail is a report that is generated for a purpose—for example, to discharge HIPAA-based access reporting and other privacy ob- ligations. There are several considerations impacting the usability of audit-trail reporting for legal purposes. First, in practice, some vendors and institutions cannot certify that audit-trail outputs are valid.98 Without this additional layer verifying the accuracy

97. See, e.g., LEVINSON, supra note 22, at 8. 98. Id.; see also 45 C.F.R. 170.315 (2017); ONC Health IT Certification Pro- gram: Enhanced Oversight and Accountability, 81 Fed. Reg. 72,404 (Oct. 19, 2016) (to be codified at 45 C.F.R. 170 (2017)). Congress has not designated an agency to enforce healthcare information technology (HIT) compliance of de- ployed systems with requirements relating to evidentiary support, and there is no apparent enforcement in deployed systems. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

270 THE SEDONA CONFERENCE JOURNAL [Vol. 18 of the audit trail, admissibility is questionable. Second, audit trails vary based on the choices made by the vendors designing the reports. Obviously, some variation in audit trails is to be ex- pected based on the needs of the software developers and im- plementing institutions. However, from a legal perspective, a bare minimum nationally imposed Standard would provide a level playing field for vendors, improve the utility of audit trails, and ease data and record authentication. At a minimum, the audit reports could log users’ access and include timestamped, changed, and deleted values. One controversial topic concerns systems lacking a built-in audit-trail report that drills down to the specificity that the ad- verse party requires (e.g., documenting the notations a nurse changed in a progress note for a given date and time). This means that the requesting party is asking the producing party to create a custom-built report—or worse, engage in an in-house forensic process. The legal analysis would generally include weighing the eDiscovery considerations of providing data in a reasonably usable format against the undue burdens and costs of production.99 In Picco v. Glenn, the defendant hospital argued that the court should not force it to produce an audit-trail report because it had already provided underlying data to the plaintiff, which constituted the “building blocks” to construct the audit trail. The plaintiffs asked the hospital to go beyond the audit-trail re- port and perform a forensic examination of the audit databases to extract audit and patient-specific data manually—a costly proposition. Ultimately, the court found against the hospital, likely because it was a party to an agreement to provide the “complete audit trail” for the patient. This agreement triggered

99. Compare Picco v. Glenn, 2015 WL 2128486 (D. Colo. May 5, 2015), with Regan-Touhy v. Walgreen Co., 526 F.3d 641 (10th Cir. 2008). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 271 the hospital’s duty to render the data in a reasonably usable for- mat, despite the cost. When negotiating with an adverse party requesting audit information beyond the standard report, a meet and confer or other discovery device to memorialize party expectations in writing would help in resolving the issue effi- ciently and economically. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

272 THE SEDONA CONFERENCE JOURNAL [Vol. 18

V. A HIERARCHICAL APPROACH The basis for a new, practical, and empirically sound “initial scope” of an effort to achieve uniform procedures is a logical order that exists for trust attributes and associated support func- tions and can provide a framework for sequential discovery in EHRs. We provisionally term this hypothetical “framework” the discovery Logical Model. It aligns with discovery goals because it highlights requirements for trusted EHR production and as- sociated vulnerabilities. If there are concerns about authenticity, then the framework will address vulnerabilities (or risk sources) as needed for the case and context. The Logical Model offers a sequenced approach applicable to producers who may confront previously unknown gaps and recipients who may identify anomalies in the records’ representation of patient-care history. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 273

Figure [1]: Logical Model–A Hierarchical Approach to Discovery Trust. For a clearer version of this diagram, see https://s3.amazonaws.com/IGG/ publications/Logical+Model_A+Hierarchical+Approach+to+Discovery+Trust.pdf. For the purposes of ROI outputs, the challenges that arise in EHRs form a capabilities and risk hierarchy within the Logical Model. Figure [1] illustrates this hierarchy with a simple sche- matic representation. It highlights record origination as the cap- ture of acts or events in the “real world,” the resulting records’ retention and management over time, subsequent episodic ROI production, and the system’s ROI production support. The first element is the most critical dependency for discovery trust, and each element thereafter preserves, protects, and provides evi- dence-supporting trust.

A. Hierarchy Rationale First, an EHR system captures data for any purpose or use by originating and retaining records. It must then manage these records over time to ensure data accuracy and authenticity in a ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

274 THE SEDONA CONFERENCE JOURNAL [Vol. 18 manner that meets the needs and specifications of the organiza- tion and other stakeholders and end users (e.g., peer review and the legal system). Improperly originated or received records100 have uncertain validity and authenticity for both their primary use in patient care as well as any derivative, secondary, or ter- tiary functions such as informing business operations, including ROI processes. In Figure [1], this is represented by the first level 1 (L-1), the foundation for reliability and value in this context. Weak foundations may be crippling and substantially diminish achievable value. Second, specific actors (individuals or devices) synthesize all records in EHR at specific times.101 Therefore, the system must provide resources to understand those processes (e.g., record-

100. See Lifecycle Events in PROV Model format with definitions as EHR-LC Events_Vocab_v0.5.5, 5, 24, HEALTH LEVEL 7 INT’L, http://wiki.hl7.org/in- dex.php?title=Record_Lifecycle,_Security,_Privacy,_and_Provenance_Vo- cabulary_Alignment (downloadable resource document defining “To Origi- nate” and “To Receive”) (last visited June 16, 2017). 101. Note that different authoritative references’ vocabularies address key terms such as “actor” for representing the “who” or the “what” that executes an act or action differently. For example, in HL7 EHR System Functional Model Release 2, “Actor” (in the healthcare system) references ISO TS 18308 as “[h]ealth professional, health care employee, patient/consumer, spon- sored health care provider, health care organization, device, or application that acts in a health related communication or service.” In contrast, the World Wide Web Consortium’s PROV (Provenance) standard uses the term “agent” rather than “actor.” See, e.g., W3C, PROV-DM: THE PROV DATA MODEL § 5.3.1 (2013), https://www.w3.org/TR/prov-dm/ (“An agent is something that bears some form of responsibility for an activity taking place, for the exist- ence of an entity, or for another agent’s activity.”). This reflects the “work in progress” state of key terms and concepts, requiring careful communication in discovery to avoid misunderstandings arising from the possible applica- bility of more than one authoritative reference. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 275 ing data such as the author identification, date, and time associ- ated with a record). In Figure [1], the second level (L-2) repre- sents these system events. Third, our interest here is in discovery-usable renderings of records with their supporting system data. A system must be able to provide output in various forms—a synthesis of infor- mation representing the first and second steps above. It must also be able to produce records about its state (e.g., records of user and administrative changes that affect how the system op- erates, including embedded warnings, clinical templates, or similar functions that directly or indirectly impact how the sys- tem originates, retains, and manages records). The third level (L-3) represents this in Figure [1]. Fourth, because specific actors or previously configured sys- tem actions102 synthesize all reports at specific times, the system must also provide means to understand those synthesizing pro- cesses. The fourth level (L-4) represents this in Figure [1]. This hierarchy is logical, although it does not necessarily re- flect real system functional behaviors. We intend the Logical Model to illustrate the tasks that a discovery process must nav- igate to “tell the story” of the actions and events in question. The record must exist in the first instance. The system must have created it by auditable, reliable means.103 Report functions must

102. An individual person can generate output reports as ad hoc actions, or preset configurations or other means of report design can generate them. In the latter case, a history of how the system designed a report and, if pertinent, how it changed over time, and who validated it for clinical or operational use, may be interesting in complex litigation. It is unlikely that this depth of inquiry would arise in initial discovery and, per this article’s recommenda- tions, it would likely not be part of an initial Release of Information (ROI) response. 103. “Reliable” and “reliability” in the context of EHR systems for purposes of discovery support are attributes that are useful for gauging the “unusual ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

276 THE SEDONA CONFERENCE JOURNAL [Vol. 18 offer ROI process tools that assemble records and related sup- port to confirm their veracity. Finally, the system must imple- ment processes to validate the report functions.

B. Trustworthiness Levels An EHR system can typically produce a limited, general ROI report supporting the first item described supra as Level 1 or L- 1.104 This is a normal and routine type of output from the EHR system and often provided in response to a HIPAA-compliant patient authorization. The second, third, and fourth items are, in that order, increasingly unlikely to exist as preexisting “point and click” reports. Parties would likely produce such reports pursuant to eDiscovery agreements, court orders, or internal fo- rensic needs. Each output or report is a necessary precursor to those that follow. If the system does not originate and properly retain a record, the fitness of the subsequent functions is of lesser im- portance to assure veracity. Instead, it is of greater importance

reliability” of business records under certain regimes that can assist with EHR system reliability validation. These regimes include systematic record checking, when conscientious execution of the given enterprise’s definitions or requirements for precision in records practices render habits of precision by the experience of their continuous reliability for tasks at hand, and a re- gime in which people actually practice and enforce a dedication to accuracy. Drury et al., Electronic Health Records Systems: Testing the Limits of Digital Rec- ords’ Reliability and Trust, supra note 42, at 265 (quoting FED. R. EVID. 803(6)(E) (citing MCCORMICK ON EVIDENCE §§ 281, 286, 287 (Kenneth Broun ed., 6th ed. 2006); Charles V. Laughlin, Business Entries and the Like, 46 IOWA L. REV. 276 (1961))) (“The element of unusual reliability of business records is said vari- ously to be supplied by systematic checking, by regularity and continuity which produce habits of precision, by actual experience of business in relying upon them, or by a duty to make an accurate record as part of a continuing job or occupation.”). 104. See supra Sect. V.A. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 277 for revealing increments of non-veracity. The HL7 EHR-S Func- tional Model (R2)-referenced representation of basic Trust Infra- structure for Release of Information (ROI) in Figure [2] below illustrates this. Level 1, Record Origination, Creation, and Maintenance: The foundations of records authenticity and trust are the means and methods of executing an EHR system’s Standards-defined op- erations (Originate, Retain, and Receive) for records creation. For existing records, Amend (Update) and other routine system functions maintain records over time. Uncertainties of, for ex- ample, authorship or alteration will subject the record to chal- lenge. The absence of Level 1 support capabilities weakens higher-order requirements in this Logical Model. This “main path” of records is represented in Figure [2] below by a horizon- tal line from “Acts or Events in Real World” to Output 1, “o-1. ‘General’ Release of Information.” In most instances, Output 1 will meet the needs. In most other circumstances, a repeat cycle of more specific, targeted requests (Output 2, o-2) will address further needs. At this level, a system’s record-maintenance and retention capabilities, as well as the organization’s practices, are also fac- tors. Records properly originated but subsequently not re- tained, but deprecated (or destroyed), introduce further varia- bilities to weaken higher-order requirements, which diversities in transparency of retention practices and requirements further complicate.105 Level 2, Record Validation: The means and methods of validat- ing EHR data (e.g., author, date, and time) with available audit

105. See, e.g., Medical Record Retention Required of Health Care Providers: 50 State Comparison, HEALTH INFO. & LAW (Jan. 27, 2016), http://www.healthin- folaw.org/comparative-analysis/medical-record-retention-required-health- care-providers-50-state-comparison. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

278 THE SEDONA CONFERENCE JOURNAL [Vol. 18 functions may be lacking. A major source of consternation in le- gal-process support is the misconception that all relevant EHR actions have associated audit-capture events to support queries for every step of originating, updating, or viewing EHRs within the inventory of system/administrative record entries. Further- more, there is an unmet expectation that audit functions can de- tect altered records. In Figure [2] below, the “System/Adminis- trative Record Entries” above the “main path” series described in the paragraph above represents these system events. Level 3, Reporting: This level concerns a system’s ability to compile a report from Level 1 and Level 2 functions, including minimum elements of its validation means (e.g., ROI for a des- ignated record set). This includes the ability to represent or re- produce items such as defined screen views used during clinical decision-making. These functions can be problematic due to a lack of design in the system or lack of substrate arising from limitations in Level 1 and/or Level 2. Though theoretically fea- sible, other means may achieve such capabilities including di- rect observation of a working system. In Figure [2] below, “Sys- tem Configuration, System Event Report Assembly” represents the EHR system’s oversight capabilities. Output 3 (o-3), “System Configuration, Operations,” is an assembly of the evidence sup- porting reliability of records produced in the course of normal operation, including ROI. Level 4, Reporting Validation: This level concerns a system’s ability to compile reports reliably to assure oversight and vali- dation for its reporting functions, including how it actually de- signs, creates, tests, and validates reports and outputs. These functions support assessment of whether the system configured a given output (such as an ROI report) appropriately to capture and render the intended information. This is represented in Fig- ure [2] below, depicted as Output 4 (o-4) “System Report As- sembly Configurations.” It is unlikely that a reporting function ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 279 serving this specific purpose exists in an EHR system. Nonethe- less, this “oversight” requirement will be interesting where is- sues persist and expand regarding the veracity of ROI output.

Figure [2]: HL7 EHR-S Functional Model (R2)—referenced representation of basic Trust Infrastructure for Release of Information (ROI). For more detail and a color- coded version of this diagram, see https://s3.amazonaws.com/IGG/publications/ Trust+Infrastructure+for+Bus+Records+_Color.pdf. The most important basic fact about any digital-record sys- tem is that vendors select all outputs, whether electronic or physical, by design. The final display only contains the infor- mation and format that another party or entity chose to make available to users. In the absence of oversight, regulation, or conformance with existing Standards, the designer has substan- tial discretion. Therefore, each of these functional levels varies across all systems and separate installations of the same system, due to history, incentives, and the lack of restraints. Systems will support each functional level differently due to variations ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

280 THE SEDONA CONFERENCE JOURNAL [Vol. 18 in their design. For entities preparing for records production or propounding records requests, this hierarchy will provide con- text for a starting point. This hierarchy also provides a framework for a systematic discovery process by focusing on Levels 1 and 2. If questions arise from the initial steps, it then evaluates other levels concur- rently.106 In this treatment, discovery can proceed systematically from a starting point. An initial designated record set for a general ROI output addresses system variances in a logical order. A well-defined initial ROI is usually sufficient to meet the need for discovery, although such an ROI does not presumptively meet all end-use specifications. Levels 2, 3, and 4 only arise in support of questions related to the initial ROI. Level 1 contains the elements of the story of the patient’s care. Level 2 validates the elements of the story by showing that the system originated and managed the fully formed digital rec- ord, composed of content and support data, somewhere on a continuum from “managed attentively to good purpose” to “not managed attentively” to “managed attentively to ill purpose.” Level 3 shows how the system assembled the story into the forms and formats the system output presents. Level 4 validates that the system output was appropriate and complete (to the ex- tent the system captured and maintained the integrity of the el- ements back to levels 1 and 2).

C. Translating the Hierarchical Model into a Discovery Framework Our objective is to offer a pathway to uniform procedures that “would establish, at the least, initial scope, form, and limits

106. Note that the hierarchical approach also provides a framework for EHR system “robustness” testing, such as risk-assessment, due-diligence, or acceptance testing. These are outside the scope of this article. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 281 for medical records production in order to alert the requesting party and producing party to areas of agreement and disagree- ment.”107 Figures [1] and [2] illustrate a logical hierarchy that can align with a discovery process by focusing on “initial scope,” “form,” and “limits,” as a sequence. 1. Initial Scope: An initial ROI “series” will likely en- tail multiple ROI “cycles” involving: (a) first re- quest, ROI 1 in the diagram; and (b) second re- quest, to ask questions about the first and/or to request more information about aspects of the “story” that the first ROI output revealed. 2. Additional ROI cycles will increasingly focus on clarification as well as questions about form. This will arise because of the likelihood of identifying gaps or anomalies in the ROI, which would raise concerns about one or more of the risk elements in EHR systems due to their extraordinary variabil- ity. For further illustration, see Figure [2], Risks A–D: a. Risk A: Level 1—Was the first capture of the relevant acts or events executed in a manner consistent with accuracy (correct date, time, author, and attribution of source data)? Level 2—Does the system concurrently capture suf- ficient data about these events to support the veracity of record origination? b. Risk B: Level 1—Did the system manage the record retention from origination cor- rectly? Did it save the record at a date and time consistent with its representations of when the

107. See infra Sect. VII. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

282 THE SEDONA CONFERENCE JOURNAL [Vol. 18

relevant events occurred? Did anyone update the record, and if so, did he or she do it in an acceptable and transparent manner? Is the pre- vious version available for inspection? Is the updated version clearly marked as an up- dated, amended, or corrected record? Level 2—Does the system concurrently capture suf- ficient data about these events to support the veracity of record management? c. Risk C: Level 1—Does the system’s ROI output synthesize and include the relevant rec- ords? Does that synthesis include the evidence of reliability of the relevant records, the metadata generated in capturing the events in question? Does it include additional patient- care supportive data aggregations such as medication lists, problem lists, and flow charts that are relevant to clinical decision-mak- ing? Level 2—Does the system have a means of rendering an ROI output that synthesizes ele- ments from origination with those from man- agement and system background processes? Can this output recreate the sequence of infor- mation that a clinician accessed and possibly viewed? Level 3—Does the system ROI sup- port include the capability to generate audit re- ports in origination and management pro- cesses? Level 4—Does the system support the ability to identify and report administrative ac- tions taken within it? For example, does the system track key configuration settings such as who can author, edit, or change EHR system audit settings? Does the system concurrently capture sufficient data about configuration ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 283

histories to support the veracity of report func- tions? Can the system produce audit logs for the history of configuration changes? d. Risk D: Level 1—Is the system’s method of col- lating data into a synthesized output suffi- ciently inclusive to meet the requirements for transparency and trustworthiness regarding relevant records of acts or events, system con- figurations, states, and output synthe- sis? Level 2—Does the system concurrently capture sufficient data about synthesis pro- cesses to support the veracity of reports on re- porting? Risks A and B apply to the veracity of ROI types 1 and 2, which are the components of Initial Scope. ”Form” for these ROI types will mean “the form that acceptably (to all parties) repre- sents the clinical view of the relevant patient care events-in-pro- gress and that acceptably represents the information available for clinical decision-making.” Risks C and D apply to situations in which there may be con- cerns about veracity. More detailed analyses will address, among other things, specific and technical questions about the forms of these “deeper dive” ROI outputs of types 3 and 4. These risks arise largely from the lack of rigor in EHR system design, configuration, implementation, and use. Combined with a lack of regulation and oversight, this supports the con- tinued inclusion of functions that pose significant risk to EHR systems’ reliability for records management. In contrast, regu- lated devices substantially reduce veracity risk by assuring pur- chasers and users that basic records-management norms are re- liable and predictable. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

284 THE SEDONA CONFERENCE JOURNAL [Vol. 18

D. A Four-Step Approach to EHR Discovery EHR system environments are highly variable. Institutions may implement and configure the same software product in highly customized ways, so few generalities apply. Experts with experience in these software environments can assist both sides with reconciling gaps in expectations about responses to eDis- covery requests. A step-by-step, methodical approach based on sound analysis of the dependencies for trusted ROI is necessary. The Logical Model represents the hierarchical requirements for trust assurance. The recommendations in this article, as an approach to dis- covery with respect to EHRs, are: 1. parties should begin with the EHR system’s cur- rently established and routine ROI; and 2. the ROI should include descriptive information as a designated record set for general purposes, its intended scope, and its completeness in response to the ROI request and authorization. In the overwhelming majority of matters requiring EHR doc- umentation, this first-level ROI will be the extent of the required production. Generally, this approach comports with HIPAA’s patient-record production requirements.108 As an initial re- sponse to an ROI production request, all EHR software has functionality to render a paper output or an imaged export to enable patient access to their record. We strongly recommend that the healthcare entity can demonstrate that it based its established and routine ROI on procedures that include a previous deliberate process with a ba- sis in references or best practices. The entity could develop this ability through due diligence and in anticipation of a possible

108. Thomas R. McLean, EMR Metadata Uses and E-Discovery, I8 ANNALS HEALTH L. 75, 82 (2009), http://lawecommons.luc.edu/annals/vol18/iss1/5. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 285 request for validation of the ROI product. Ideally, the entity will have already internally tested and validated acceptable compli- ance with its own policies and procedures to determine initial scope and specifications for the ROI. Where the veracity of the documentation or process is not in controversy, deference to the “established and routine” general- purpose production works well. Although vendors designed the printed record to be usable for most purposes, the general- use design limits its utility because it usually omits levels of de- tail that will likely be relevant to substantiating veracity. In this aspect, from a discovery perspective, the paper record is incom- plete. The exported record also may lack other data which is normally less useful for general purposes and may be non-clin- ical or administrative or too voluminous. A simplified, readable representation of the EHR nonetheless serves a vital purpose by enabling patients to engage in their own care, and in some in- stances it adequately addresses several legal uses of EHRs for discovery and evidentiary purposes. Another potential Level 1 recommendation includes a future industry-wide requirement or protocol for output that: (1) in- corporates readily distinguishable cues such as color coding as a necessary feature in designated ROI output types to offer ad- ditional means for differentiating, for example, content source changes or amendments; and (2) easily identifies content that the clinician-author did not directly input (e.g., content derived from macros, system-prepopulated entries, drop-down texts, and carryforward or other copy functions). Intended as time- saving, text-generation tools, they can serve important clinical purposes. However, the use or misuse of these types of tools is ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

286 THE SEDONA CONFERENCE JOURNAL [Vol. 18 important to legal counsel assessing the source and trustworthi- ness of pre-generated or system-created EHR entries.109 3. In uncommon instances where veracity questions about EHR system documentation may arise, par- ties should start with a given EHR system’s cur- rently available means for responding to a request for audit-trail production. The second hierarchical level points to the importance of en- couraging the industry’s uptake of Standards-based audit trails. The EHR system must be able to capture a minimum data set consistent with specifications for evidentiary and discovery purposes with uniform usability characteristics across all prod- ucts. Although the industry has neither recognized nor imple- mented such a Standard, models do exist.110 It would be useful

109. See generally, e.g., K.W. Hammond et al., Are Electronic Medical Records Trustworthy? Observations on Copying, Pasting, and Duplication, AMIA ANN. SYMP. PROC. 269, 269–73 (2003); AM. HEALTH INFO. MGMT. ASSOC., APPROPRIATE USE OF THE COPY AND PASTE FUNCTIONALITY IN ELECTRONIC HEALTH RECORDS (2014), http://bok.ahima.org/PdfView?oid=300306; Heather L. Heiman et al., Medical Students’ Observations, Practices, and Atti- tudes Regarding Electronic Health Record Documentation, 26 TEACHING & LEARNING IN MED. 49, 49-55 (2014), available at http://www.tandfonline. com/doi/abs/10.1080/10401334.2013.857337; Jillian Harvey Swary & Erik J. Stratman, Practice Gaps in Patient Safety Among Dermatology Residents and Their Teachers: A Survey Study of Dermatology Residents, 150 JAMA DERMATOLOGY 738 (2014), available at http://jamanetwork.com/journals/ja- madermatology/fullarticle/1857536 (June 19, 2017); Heather C. O’Donnell et al., Physicians’ Attitudes Towards Copy and Pasting in Electronic Note Writing, 24 J. GEN. INTERN. MED. 63 (2009), available at https://www.ncbi. nlm.nih.gov/pmc/articles/PMC2607489/. 110. See, e.g., HEALTH LEVEL 7 INT’L, HL7 EHR-SYSTEM FUNCTIONAL MODEL, RELEASE 2, Records Infrastructure, Trust Infrastructure, HL7 (April 14, 2014), available at http://www.hl7.org/implement/standards/product_brief.cfm? product_id=269 (membership or no-cost user profile required to download). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 287 for organizations such as The Sedona Conference to recognize and support Standards implementation for specific end-use re- quirements. Standards should include audit-trail capabilities and reporting to encourage their adoption. As an initial propo- sition, we suggest focusing on Standards-based audit-trail func- tions for evidentiary purposes, directed at capturing the EHR data and including entry author(s), time and date of acts, nature of acts (e.g., originate/create, modify, or delete a record) and the specific modifications made. 4. Given the current absence of Standards-based functions, litigants should approach requests for validation data and audit-trail reporting like they would any eDiscovery request under the applica- ble laws. In the absence of uniform EHR system functions to assess risks—including Risks A through D in Figure [2]—audit-trail re- porting should refer to “audit trail reporting for a specific pur- pose.” Producers should design all reports with the intention of representing events occurring in the EHR, as specific parame- ters delineate. Before generating reports, the parties should en- ter formal eDiscovery agreements about the type of reporting requested and available, with judicial intervention as needed. Counsel on all sides of a dispute must demonstrate or otherwise secure experts or become educated in electronic charting and audit-trail capabilities and limitations to facilitate reasoned de- cisions and avoid misunderstandings. Parties should handle any requests for data outside the standardized outputs in a similar fashion. Counsel, with expert support as needed, should employ relevant eDiscovery laws and rules to effectuate an understanding of the EHR system en- vironment implemented in the specific institution. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

288 THE SEDONA CONFERENCE JOURNAL [Vol. 18

5. When deemed relevant and proportional to the needs of the case, litigants’ cooperation will be es- pecially important for producing historic displays of patient data. Vendors are unlikely to have technically or functionally de- signed today’s EHR systems to preserve historical displays of patient data. Absent universal technical Standards, native EHR data offers only limited utility. Litigants are then forced to max- imize use of what data they do have. Formal recommendations to the industry regarding the legal use of native data and histor- ical displays could lead to these capabilities in future products. Alternate methods of presenting historical displays, though po- tentially not useful as evidence (e.g., replicating the state of the record systems as of the time of the events in question), may be the only available option. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 289

VI. THE CONVENTIONAL RESPONSES: THE “LEGAL HEALTH RECORD” AND “RELEASE OF INFORMATION” In the paper-based world, the response to discovery requests for health-care information was to disclose a predefined set of information, the “legal health record,” as the result of a standard procedure, the “Release of Information” (ROI) process. The ad- vent of EHR systems requires a rethinking of these time-hon- ored processes.

A. Rethinking Established Procedures The information revolution has changed the legal landscape in organizations from solo-practitioner offices to nationally-in- tegrated, healthcare-provider systems. Still, all clinical organi- zations have a duty to maintain knowledge about their business and their clinical information systems’ functions. They must know how their respective systems maintain, utilize, and ex- change their data containing Protected Health Information (PHI). These demands, coupled with new requirements under HIPAA, also give individual patients expanded rights to access their PHI. They are also causing the healthcare sector to recon- sider concepts such as the “legal health record” in light of both HIPAA access rights and the ROI process. The healthcare indus- try hopes to establish information-governance111 programs ad- dressing these end-use demands, and seek to protect and en- hance primary use of patient care information while addressing access, mitigating risk, and maintaining compliance with regu- latory requirements, formal Standards, and best practices. Among these many end-use demands are those from the dis- covery and ROI processes.

111. The Sedona Conference, Commentary on Information Governance, supra note 38, at 135. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

290 THE SEDONA CONFERENCE JOURNAL [Vol. 18

Healthcare providers, attorneys, and the courts all rely on, utilize, and exchange relevant information, whether their case is clinical or legal. Fed. R. Civ. P. 26(b), combined with new HIPAA access rules,112 compels healthcare and legal providers to reconsider the nature, composition, and content of patients’ medical records. Determining relevance is about how to call out, as commonly understood designations, those elements of the patient record primarily used for clinical decision-making. These elements are the most relevant to establishing “the story” of the patient-care events in question. The designation process helps parties set aside elements of the record associated with unimportant designations. For exam- ple, HIPAA’s designated record set is not usually relevant to civil litigation. On the other hand, audit trails and clinical-deci- sion support functions may fall within the scope of litigation. These and other considerations are motivating innovations and new Standards, systems, and processes to cull, search, process, and produce PHI for discovery and ROI purposes.113 Organiza- tions may not necessarily determine what is legally relevant in this modernizing environment. In a cooperative approach that takes into account the current state of EHRs, however, an organ- ization can include the definition and reliable production of var- ying record set inventories, with each responsive to differing defined types of ROI outputs.

112. U.S. Dep’t of Health & Human Servs., Individuals’ Right Under HIPAA to Access Their Health Information 45 CFR § 164.524, HHS.GOV, http://www.hhs.gov/hipaa/for-professionals/privacy/guidance/access (last visited June 19, 2017). 113. Linda J. Bock et al., Management Practices for the Release of Information, 79 J. AHIMA 77, 77–80 (2008), available at http://bok.ahima.org/doc?oid= 85544#.WUrPpevyvIV. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 291

The concept of relevance is an important decision-making factor in the clinical and legal processes. We intend the hierar- chical models in Figures [1] and [2] to provide a graphic repre- sentation of a logical sequence by which systems may analyze and process PHI. If questions arise about the truthfulness of the patient’s story, the hierarchical model will provide a step-by- step process to include “relevance” as a function of the question type: questions about the health-care story v. questions about the credibility of the story as the system tells it. If questions about credibility arise in later steps, then “relevance” shifts to evaluating the reliability of the system itself and its ability to capture, assert, and defend accuracy and authenticity. Clinicians can cull, search, and process information which the model clarifies and deems relevant from the EHR to tell the patient’s story. The Logical Model also will corroborate the story-telling by assessing its believability while retaining the fo- cus of the record, which is to provide the facts clinicians used and recorded in the course of making decisions about a patient. The legal industry has long understood the concept of rele- vance, and, for that reason, the eDiscovery rules incorporate it. The challenge that the healthcare industry, attorneys, and the courts have before them is how to rethink and redefine the con- cept of the “legal health record.”114 The updated model must ac- commodate the changing format, content, and location of PHI within expanding and diversifying concepts of relevance. It must also help sunset aging practices and concepts, such as the “legal health record.”

114. AHIMA, Fundamentals of the Legal Health Record and Designated Record Set, 82 J. AHIMA (2011), available at http://library.ahima.org/doc?oid= 104008#.WUrLN-vyvIU. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

292 THE SEDONA CONFERENCE JOURNAL [Vol. 18

B. Moving from Paper to Digital Systems: Retiring the “Legal Health Record” Term from Digital Designations To some extent, the old paper-record notion of a legal health record remains based on the expectation of commonly occur- ring physical documents. The paper record’s components con- sisted of defined forms and formats of physical documents such as episode-of-care records, flow charts, medication lists, dis- charge summaries, and post-operative reports. In contrast, every output in today’s digital-records environment is a dy- namic construct with uncertain, changeable, and changing rules that vary extensively between organizations. To date, there have been many attempts to redefine the term “legal health record”115 to bridge the transition from paper to digital environments. For example: 1. Objective Definition of the Legal Health Record A legal health record (LHR) is the docu- mentation of patient health information that is created by a health care organiza- tion. The LHR is used within the organiza- tion as a business record and made availa- ble upon request from patients or legal services.116 2. Functional Definition of the Legal Health Record Defining the legal record – A health care or- ganization collects a variety of information on individuals (clinical, financial, adminis- trative). Organizations must have a written

115. Margaret Rouse, Definition of Legal Health Record, TECHTARGET: HEALTHIT, http://searchhealthit.techtarget.com/definition/legal-health-rec- ord (last visited June 9, 2017). 116. Id. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 293

policy to identify the content of the formal health record, which will constitute the of- ficial representation of an episode of care, to be disclosed upon request.117 3. Legal Health Record The legal health record is the officially de- clared record of health care services pro- vided to an individual delivered by a pro- vider. It is the record that would be released upon receipt of an authorized re- quest.118 The three distinct definitions outlined above and their asso- ciated principles are increasingly inconsistent with the intent of federal and state eDiscovery rules. A healthcare organization can no longer unilaterally determine the scope of the “official” record for an episode of care. The new HIPAA access require- ments support individual access to any PHI. Under these re- quirements, the record definition has become: [a]ny item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for a covered entity.119

117. KIMBERLY A. BALDWIN-STRIED REICH, KATHERINE L. BALL, MICHELLE L. DOUGHERTY & RONALD J. HEDGES, E-DISCOVERY AND ELECTRONIC RECORDS 23 (AHIMA, 2012), available to purchase at https://www.amazon.com/discovery- Electronic-Records-Kimberly-Baldwin-Stried/dp/158426229X. 118. Nat’l Learning Consortium, Health Information Technology Research Center (HITRC), Rural Wisconsin Health Cooperative Workgroup, Legal Health Record Policy Template, 3, HEALTHIT.GOV (2013), https://www.healthit. gov/providers-professionals/implementation-resources/legal-health-record- policy-template. 119. U.S. Dep’t of Health & Human Servs., Individuals’ Right Under HIPAA to Access Their Health Information 45 CFR § 164.524, supra note 112. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

294 THE SEDONA CONFERENCE JOURNAL [Vol. 18

The paradigm shift requires the healthcare industry to rede- fine its concepts of records and methods for assuring veracity for multiple end uses. EDiscovery rules and access require- ments provide guidance for establishing new information-gov- ernance and ROI processes that embrace the concept of “rele- vance” in the context of leveraging improved EHR system capabilities supporting reliability, authenticity, and accuracy. However, this broad view of what a production potentially could include does not mean that every ROI or legal document request merits disclosure of the full array of available infor- mation about a patient. The challenge, which conscientiously designed records system could readily meet, is to have multiple production options—each transparently constrained to limiting the response to information relevant to the purposes of the re- quest without infringing on the requesting party’s entitlement to more expansive definitions of the full record. The key to sur- mounting the challenge efficiently is effective communication from the requesting party about what he or she needs, coupled with the healthcare provider’s effective processing of the re- quest—contingent on legal entitlement, availability, and acces- sibility. The healthcare provider maintaining the records must describe and accordingly designate what it routinely provides for a given type of request. If reasonable in scope, that designa- tion should suffice for most situations.120 However, flexibility and transparency are necessary because needs and entitlement vary on a case-by-case basis. Production may need to be a step- by-step iterative affair with attendant communication between the requesting party and healthcare provider.

120. The organization must have a reasonable basis for its designated rec- ord sets that it provides to requesting parties, a court, or another supervising official. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 295

This necessitates designing outputs that include descrip- tions of intended use, general content, constraints, and exclu- sions, so what the output purports to be in the context of today’s otherwise non-standardized and unpredictably variable sys- tems is reasonably clear. The obsolete concept of formulaic legal health records con- veys the erroneous and archaic view that a clinical enterprise can decide what is not legally sufficient for discovery and dis- closure. This approach is problematic, especially considering the recent guidance that the U.S. Department of Health and Hu- man Services Office of Civil Rights (HHS/OCR) released.121 Under these HHS/OCR access rules, individuals have rights to a broad array of health information about themselves, includ- ing medical records, billing and payment records, insurance in- formation, clinical laboratory test results, medical images such as X-rays, wellness and disease-management program files, clinical case notes, and other information. However, the rules do not require a covered entity to create new information that does not already exist in the designated record set when it re- sponds to a request for access. The evolving field of genomics provides an excellent exam- ple of the struggle to define the designated record set and con- cept of relevance.122 As two prominent researchers found, “[t]o date, no commercial EHR system has been described that sys- tematically integrates genetic or genomic data, let alone uses

121. AHIMA, Fundamentals of the Legal Health Record and Designated Record Set, supra note 114. 122. Ananya Mandal, What Is Genomics?, NEWS MEDICAL (July 20, 2014), http://www.news-medical.net/life-sciences/What-is-Genomics.aspx. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

296 THE SEDONA CONFERENCE JOURNAL [Vol. 18 this information to translate disease risk into treatment recom- mendations.”123 Therefore, when it comes to a traditional ROI disclosure request for a patient’s EHR, the healthcare provider cannot produce potentially significant genetic or genomic data because it is located outside the EHR system. Best-practice guidance advising that the legal health record “serves to identify what information constitutes the official business record of an organization for evidentiary purposes”124 is troubling in the context of both the state and federal eDiscov- ery rules as well as the new HHS/OCR access rules, which state that healthcare providers must allow individuals to access “[a]ny item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by or for a covered entity.”125 Although troubling, the widespread use of “non-standard” and “unpredictably variable” systems may be a temporary problem for clinicians and clinical enterprises. Most of them are attempting to act correctly to bridge the gap between expecta- tions and reality. Given the HHS/OCR definition, we recom- mend defining the concept of designated record set as a series of specifications. For example, vendors must develop, in time, separate and distinct variations of a designated record set for purposes of HIPAA, litigation, ROI, assessing patient records trust, and other categories.

123. Joseph K. Kannry & Marc S. Williams, Integration of Genomics into the Electronic Health Record: Mapping Terra Incognita, 15 GENETICS IN MED. 757, 757–60 (2013), http://www.nature.com/gim/journal/v15/n10/full/gim2013 102a.html. 124. AHIMA, Fundamentals of the Legal Health Record and Designated Record Set, supra note 114. 125. 45 C.F.R. 164.524 (2017). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 297

If an organization finds it simpler to continue with the collo- quial use of “legal health record” for its internal communica- tions pending a more EHR-centric approach, that decision may buffer the expectation that external entities will accept its scope as sufficient.

C. The ROI and eDiscovery Convergence An examination of Fed. R. Civ. P. 34 and 45 in conjunction with the 2016 HHS/OCR PHI access requirements126 demon- strates the convergence and recurring overlap between eDiscov- ery and ROI processes. The functions of the two processes have become inextricably connected and compose crucial compo- nents of any information-governance program. Table [3] pre- sents a contrast and comparison of these processes.

ROI vs. eDiscovery ROI eDiscovery The process of making The process of compiling, determinations about whether storing, and securing digital an external requestor is information (including an authorized to access an individual’s PHI) such as email, individual’s health information documents, databases, voicemail, and social media in response to a request for production in a lawsuit or regulatory investigation Traditional health information New and evolving HIM management (HIM) function function

126. 45 C.F.R. 164.524 (2017). ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

298 THE SEDONA CONFERENCE JOURNAL [Vol. 18

ROI vs. eDiscovery ROI eDiscovery The Director of Medical Individual(s) with Records/HIM Department administrative control over the generally named as the official physical and remote storage custodian (or “keeper”) of the and record protection individual’s medical record throughout their retention period may be designated by the firm as “custodians” One official custodian Potentially multiple custodians Varied but predictable types of eDiscovery is less varied and requests for individuals, predictable, focusing on civil internal requestors, and discovery, regulatory litigation and regulatory investigations, and/or investigations administrative actions The ROI process has been a eDiscovery response is critical component of the becoming a critical component healthcare organization’s of the healthcare organization’s information-governance information-governance program program Table [3]: ROI vs. eDiscovery Healthcare firms have historically designated their HIM de- partments as the official “custodians of medical records.” Most HIM departments process and respond to subpoenas in state court, where most medical-malpractice litigation occurs. How- ever, in the new health-information-governance paradigm, ac- cessing and processing PHI for all purposes—including subpoe- nas and ROI requests—will dramatically evolve as litigants recognize that increasing amounts of PHI reside in locations outside EHRs, including email, mobile devices and applica- tions, voicemail, and other digital sources. Genomic data is an important example of PHI that the EHR generally excludes. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 299

D. Future Health-Information-Governance Programs The concept of the “legal health record” as a one-size-fits-all disclosure of predetermined scope and format is becoming in- creasingly inaccurate. Misapplying the concept can cause it to manifest as a source of unnecessary controversy and semantic obstacle to full and fair disclosure when parties have different expectations of the scope of PHI that the healthcare provider must produce. Records and data that clinicians use and create during care may be subject to discovery under the applicable jurisdiction’s law. Outside litigation, individuals now have greater statutory access rights to their PHI; healthcare providers must deliver in electronic form if they request it. This further complicates the variability and potential misunderstanding of what constitutes a legally sufficient scope of required disclosure for a given complete-record request.127 It is now incumbent upon all healthcare organizations and providers to begin establishing new health-information-govern- ance programs and principles that comply with these new re- quirements. Such governance must align EHR system functions and uses with multiple and diverse ROI requirements. These in- itiatives will be more effective if they include due diligence and

127. The inherently indeterminate nature of discovery properly resists strict definition. Furthermore, attorneys execute discovery on a case-by-case basis with presumptions, but not guarantees, of reasonableness and good faith. Something that is entirely appropriate for a general-purpose ROI is un- likely to meet the needs of a subpoena in, for example, a malpractice case. On top of these inherent structural discovery variances, EHRs add complex- ity and variance which should not be attributes of reliable systems. All these factors, with the current absence of guidelines, make it difficult for a party to determine its obligations are in a case. This necessitates early and ongoing communication. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

300 THE SEDONA CONFERENCE JOURNAL [Vol. 18 acceptance testing. Testing assures that organizations can effec- tively manage EHR systems to support the increasing scope of relevance for disclosure and discovery purposes.

Checklist for ROI Specialists and Healthcare Litigation Response Team Question Action(s) What is the nature of the Log and classify the request as request? Is it verbal or written? routine disclosure, patient request, subpoena, or other. Time- and date-stamp the receipt of all requests, including the identity of the agent (human or device) recording receipt. Track the request into the organization’s system (manually or electronically). Who reviews the request to Ensure a quality control process ensure that it meets all which verifies that all elements organizational policy of the designated record set are requirements and that all checked against the record elements are being provided to request for integrity and the individual in accordance accuracy. with the request? Do we review all requests to If the request does not meet ensure that they meet all requirements, return the organizational, jurisdictional, or request to originator with regulatory requirements? return letter. If the request meets requirements, determine whether the requestor is authorized to receive the ROI. If so, verify the requestor’s identity before processing the request. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 301

Checklist for ROI Specialists and Healthcare Litigation Response Team Question Action(s) What is the process for Review subpoena to determine reviewing and accepting if it is valid and consider subpoenas? whether it contains all required Are there specific department(s) elements and fees. or individuals who are The subpoena form will vary by authorized to accept subpoenas state statute. Generally, a on behalf of the organization? subpoena is valid when it contains the following elements: • Name and jurisdiction of the court • Names of the plaintiff and defendant • Case docket number • Date, time, and place of requested appearance • Description of specific documents sought • Name of attorney who caused the court to issue the subpoena • Signature stamp or official seal • Appropriate witness and mileage fees. If the subpoena is valid, determine whether the organization or providers may become parties to the action or otherwise face liability. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

302 THE SEDONA CONFERENCE JOURNAL [Vol. 18

Checklist for ROI Specialists and Healthcare Litigation Response Team Question Action(s) If so, notify legal counsel and/or risk management immediately; conduct an early case assessment on the matter; establish reserves; place a legal hold on any/all relevant information; and notify all custodians in writing. Does the organization have a Educate and train the litigation- litigation-response team in response team in all place? organizational-information- If, so who are the members, governance program policies what are their professional and procedures, including ROI, roles, and which departments eDiscovery, and processing are they from? subpoenas. Table [4]: Checklist for ROI Specialists and Healthcare Litigation Response Team ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 303

VII. SHORT-TERM TREATMENT SOLUTIONS EHR systems have failed to deliver on their promises of in- creased utility and decreased costs. In this article, we have out- lined shortfalls specific to ROI and discovery. These normal business processes have become unnecessarily and harmfully complex and burdensome. Requesting and producing parties will benefit from a shift toward simpler uniform guidelines. The uniform procedures128 we recommend establish initial scope, form, and limits for med- ical-records production. They also support early alerts to areas of agreement and disagreement that judicial guidance expe- dites. Lastly, stakeholders can apply them to current EHRs to promote economy and efficiency in the near term. The recom- mended process is as follows: 1. Acknowledge that EHR anomalies in eDiscovery are ubiquitous due to their widely variable, non- Standards-adherent, and unregulated state. 2. Agree that parties undertake initial ROI and dis- covery production in good faith, benefitting from early discussion of key questions and associated scope. 3. Agree that, insofar as (2) may require repeated re- quest/production cycles for clarifications or illu- mination of previous unknowns, parties should anticipate sequential cycles and will improve them through effective communication.

128. Uniform procedures would need to accommodate different types of medical–legal cases. For example, the scope of relevant medical records from a non-party healthcare provider in an automobile case may differ from the scope of relevant medical records from a defendant doctor in a medical-mal- practice case. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

304 THE SEDONA CONFERENCE JOURNAL [Vol. 18

4. In the unusual instance where questions arise re- garding the EHR system itself, then: a. parties may reference the Logical Model hier- archy to focus efforts in a rational manner; and b. the more basic the reliability impairment, the greater the benefit from early assessments and discovery management, as the associated trust-impact risks inform. A further recommendation for EHR, ROI, and discovery points to the benefit of retiring the term “legal health record,” a concept that is problematic for digital-records systems. The “designated record sets” concept, as incorporated within HIPAA, ideally provides individuals with easy access to their health information. This concept holds true for both clinical and legal processes and matters related to the scope of production of information in a case. Organizations must replace the term with rigorous health-information governance. A disciplined ap- proach is essential to continuous improvement through testing and validating the reliable production of accurate, authentic ROI reports. ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

2017] LEGAL AILMENTS OF THE ELECTRONIC HEALTH RECORD 305

VIII. CONCLUSION As the rules of procedure, case law, and ethical canons re- quire, the ultimate responsibility for a reasoned and competent approach to the discovery process falls on attorneys and judges. In the EHR world, they can meet this responsibility by learning about the information landscape and diligently pursuing preci- sion, equitability, and fairness. In this regard, the digital world is simply the successor to its paper-based predecessor. At the same time, responsibility for an accurate, complete, understandable, and reasonably accessible record is the profes- sional and legal responsibility of healthcare providers and facil- ities. While we may debate how the current state of EHRs arose, the two professional domains—legal and clinical—share a com- mon cause. Future development of systems, Standards, and pro- cesses to address the anomalies regarding data origination, re- tention, access, aggregation, and production will advance the just, speedy, and inexpensive determination of civil proceed- ings while reducing medical–legal risk and improving patient care. The objectives for current EHR initiatives must expand to in- clude thorough and accurate medical records that systems cre- ate, store, secure, and make immediately available for use within and outside healthcare organizations so patients and other healthcare providers can access them. Information in the records should be economically and efficiently available for the patients, as well as for business, governmental, and medical–le- gal needs, while also assuring privacy and security compliance. EHR systems do not yet meet these legally necessary ideals de- spite their technological feasibility.129

129. The HITECH Act established the ONC and authorizes the HHS to es- tablish programs to improve health-care quality, safety, and efficiency by promoting of health IT, including EHRs and private and secure electronic ELECTRONIC HEALTH RECORDS FNL.6 (DO NOT DELETE) 7/12/2017 2:54 PM

306 THE SEDONA CONFERENCE JOURNAL [Vol. 18

A shift toward positivity through enhanced sharing of suc- cess strategies and reduced harmful variances is necessary. The Sedona Conference provides resources and principles to sup- port positive, collegial achievement of practical solutions through better processes, assisted by better technology for the advancement of law. In the case of EHRs, the legal system is in- creasingly imposing burdens and judgements on persons, or- ganizations, and products deemed responsible for their current poor state. All parties will benefit from an expeditious shift to improved EHR systems for better discovery and ROI.

health-information exchange. According to Healthcare IT, “[t]he collabora- tive efforts of stakeholders is crucial to achieving the vision of a learning health system where individuals are at the center of their care; providers have a seamless ability to securely access and use health information from different sources; an individual’s health information is not limited to what is stored in electronic health records (EHRs), but includes information from many different sources and portrays a longitudinal picture of their health, not just episodes of care; and where public health agencies and researchers can rapidly learn, develop, and deliver cutting edge treatments.” See A Shared Nationwide Interoperability Roadmap Version 1.0, HEALTHIT.GOV, https://www.healthit.gov/policy-researchers-implementers/interoperability (last visited June 9, 2017).